I can't access my DMZ server via its OUTSIDE address - ALIAS / NAT OUTSIDE?

THE SCENARIO:

I have a LAN with lots of PCs which can access the INTERNET (INSIDE) 10.0.0.0/16
I have a web server on the DMZ (10.1.0.50) which is translated to 62.136.0.50 on the OUTSIDE

The WORLD can access 62.136.0.50 with NO problems

The INSIDE machines can access 10.1.0.50 no with no problems.
The INSIDE machines CANNOT access 62.136.0.50

So what we`re saying here, is that the INSIDE cannot access a DMZ host that is translated to the OUTSIDE interface.

We need to find a way of getting 10.0.0.0/16 machines to access 62.136.0.50 by performing a translation, so that internal machines connecting to 62.136.0.50 are in fact redirected to 10.1.0.50




THE SOLUTION:

In Pix version earlier than 7.0 use the ALIAS command

ALIAS (inside) 62.136.0.50 10.1.0.50 255.255.255.255

or

ALIAS (inside) xx.xx.xx.xx ii.ii.ii.ii 255.255.255.255
Where xx.xx.xx.xx is the EXTERNAL address and ii.ii.ii.ii is the address on the DMZ


In version 7.0 the ALIAS command was depreciated - while it still works OK in Version 7.0, Cisco ASDM doesn`t support the ALIAS command

In PIX 7.0 upwards we will use a STATIC command instead

STATIC (dmz,inside) 62.136.0.50 10.1.0.50 netmask 255.255.255.255

or

STATIC (dmz,inside) xx.xx.xx.xx ii.ii.ii.ii netmask 255.255.255.255
Where xx.xx.xx.xx is the EXTERNAL address and ii.ii.ii.ii is the address on the DMZ