PIX question. Cannot access global IP from inside
19 years 1 week ago #11365
by rahulpathania
Replied by rahulpathania on topic Re: PIX question. Cannot access global IP from inside
1) Pix-506E/Pix-501 does not support 7.0, as you need a minimum of 64MB RAM in order to load it.
2) What you are trying to do is access your webserver using the public 202.x.x.10 IP address, which will never work on a Pix that has the server and client on the same network/interface of the Pix. This is technically called "one armed routing" and is not supported on Pix. One armed routing is supported on 7.0 but ONLY FOR IPSEC TRAFFIC, not for clear text traffic... remember.
Had the server and client been on different interfaces (515E... onwards), something called DNAT (Destination NAT) would have accomplished your goal.
3) In such a scenario, you can only access your webserver with the URL (domain name), say the one the world uses, www.xyz.com
For which you have to modify your static statement as follows:
static (inside,outside) 202.x.x.10 192.168.x.10 dns netmask 255.255.255.255
This is called DNS Doctoring in technical terms.
After implementing this static with the "dns" keyword, you need to make sure that the DNS server on your client machine points to a DNS server outside your network... for example 4.2.2.68 and 4.2.2.2.
4) Do an ipconfig /flushdns on your client machine and give it a shot...!!!
Cheers,
Rahul Pathania
Empowering The Internet Generation
www.ciscosearch.com
19 years 1 week ago #11384
by iamthestar
Replied by iamthestar on topic Re: PIX question. Cannot access global IP from inside
By default the PIX doesn't support ICMP traffic across the PIX. You can enable it for testing and then disable it.
The command is
#icmp permit any any
Then you will be able to ping.
For your web server you need to give a rerouting command like
#static(outside, inside) Source IP Dest. IP
I don't remember the exact command; you can just check it.
Hope that will work out for you.