1841 on fiber connection 1

[dgoradia]

I just moved from two T1s to dedicated fiber. The fiber comes in to a ZyXEL L2 switch where it gets converted into ethernet and from there I have it going to a PIX 501 which is connected to my internal network.
(ISP <> PIX <> internal network) If I go to an IP address pointing to one of my internal servers from inside my network, it won't work; but I can go to it from outside and it works fine. So my previous setup had two 1841 routers connected before the PIX, like so: ISP <> 1841 <> PIX <> internal network.

I need to connect the router up so that I can access an internal server with inside using an external ip or hostname, like

http://www.domain.com

that points to my web server.

Can someone please help me configure the router to get this done?
I can post my config if it's needed.

 

[unclerico]

you don't necessarily have to put the 1841 in if you don't want to. on the pix you could create an alias or use the "newer" dns doctoring function found here:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml

if you want to put the 1841 in, then use CBAC and the DNS application layer gateway (ALG)

the third option would be to use split-brain dns and establish your external name space on an internal dns server.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[dgoradia]

I looked into option 1, though its a little confusing as the commands shown are for the ASA i think i already have this:

part of my config:
static (inside,outside) x.x.1.4 192.168.0.35 dns netmask 255.255.255.255 0 0

but when I use the ip x.x.1.4 in a browser it does not work from inside. For some reason the domain name: domain.com is working, which is confusing me even more as the ip address that that domain points to is x.x.1.4 which is what i'm typing in the browser.

(the way is it set up at the moment it ISP <> PIX <> internal network.) the pix has everything setup, nat, pat etc...
Public ip = x.x.1.2
gateway: x.x.1.1
subnet: 255.255.255.240
ip range: x.x.1.2 to x.x.1.12

i was told by someone on an irc channel that i should use the following config on the 1841:

interface f0/0
no shut
no ip address
bridge-group 1
interface f0/1
no shut
no ip address
bridge-group 1

but that doesn't seem to work.


Option 2, i don't understand how to use CBAC/ALG

 

[unclerico]

be sure to put the dns keyword at the end of the static nat entry and try it again.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[dgoradia]

i tried it the following ways:

static (inside,outside) x.x.1.4 192.168.0.35 dns netmask 255.255.255.255 0 0 dns

static (inside,outside) x.x.1.4 192.168.0.35 netmask 255.255.255.255 0 0 dns

the first one just comes up like: static (inside,outside) x.x.1.4 192.168.0.35 dns netmask 255.255.255.255 0 0
once i apply and do 'wr term'

and the second one come up like so and does not work either: static (inside,outside) x.x.1.4 192.168.0.35 netmask 255.255.255.255 0 0

 

[unclerico]

hmmm, interesting. ok, try using the alias command:

alias (inside) x.x.1.4 192.168.0.35 255.255.255.255

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[dgoradia]

Sorry, that did not work either. I'm guessing I do need that 1841 in between the pix and isp.

 

[unclerico]

what version of code is on your PIX??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[dgoradia]

It is a PIX 501 and version 6.3(5)