Access NAT address from inside

[shunsing]

I once knew the answer to this, but have since forgotten. I want to be able to access an internal server via it's external (NAT'd) address. I know it's possible, just can't remember how... any thoughts? I'm almost wondering if the ACL needs to be modified on the outside interface to permit the inside network to that NAT address...? Goofy.

Thanks in advance!!

 

[dopehead]

Well, old-style of doing this is an alias command to forward the traffic to the internal address via the extenal one, but not advisable to use since this will dissapear in the next release.
Another way is to have your own internal dns server for internal lookups. Also using a hosts file works, dns doctoring unfortunately is broken in the current 6.3 release, it worked in 6.3(1) as i recall. All you need then is the "dns" keyword in your static nat statement for that server.

Jan


Network Systems Engineer
CCNA/CQS/CCSP/Infosec

 

[shunsing]

I thought the 'fix' was relatively simple. I remember saying to myself 'why didn't I think of that?'. Maybe it was the alias command your talking about, which commands would take care of that? I don't remember using alias commands on the PIX. Note: I'm a CLI guy and rarely use PDM.

Thanks again!

 

[dopehead]

Well, alias is the simplest way to do it, all you do is enter "alias (outside) <private ip> <public ip> <mask>" it might be that you have to change the private and public around, it has been way too long since i used alias last.

Jan


Network Systems Engineer
CCNA/CQS/CCSP/Infosec