
Cannot get back in on same interface

Status
Not open for further replies.

NettableWalker

IS-IT--Management
Jun 18, 2005
215
GB
Hi Everyone,

I've got a silly little problem that I am sure there is an easy answer to:

My users cannot get remote access such as Citrix or Outlook web access from inside the company. Their default gateway is also the input IP address for all remote access. It is as if the edge router will not send packets out and back in again on the same interface.

Is this a simple routing question, or NAT?

Any help would be gratefully received.

Ta.

MCP,CCA,CCNA, Net+, Half CCNP...
 
Couple of questions...

Are the Citrix and OWA boxes on a DMZ? If so then you may have to setup a static route for internal users to be able to access them (don't know if this could cause a security issue though)
Can your users ping the ip addresses for the internal citrix and OWA servers? If they get replies then check internal DNS to make sure this is working properly with nslookup.
 
Hi mRgEE,

No, they are not on a DMZ, they are on the internal network. Yes, they are pingable from internally. They just cannot be accessed using the external IP address (and NAT) from within the internal network.

MCP,CCA,CCNA, Net+, Half CCNP...
 
I didn't think you could go in and out on the same interface like that.

In any case, if you want your internal users to be able to access those services they should be directed to the internal IP's that those services run on - typically you would do this with a split DNS. For example, I have a zone for my public domain hosted on my internal DNS servers which is separate to the public DNS servers authoritative for my organisation's domain out on the internet. Both contain the same hostnames for the services I want people to be able to access. So, when people browse to OWA.company.com internally my internal DNS servers resolve it to the internal IP, when they are external the public DNS servers resolve it to the public IP so it all works seamlessly.

HTH
 
If it's a PIX then you can't go in and out the same interface; I am not sure if the same can be said regarding Cisco routers. However, you say 'default gateway': are you implying that the workstations are on the same subnet as the servers?
 
I think split DNS is what I need. How do you set this up on a Windows 2000 or 2003 server?

MCP,CCA,CCNA, Net+, Half CCNP...
 
The main prerequisite is that your public DNS domain must be hosted on a different DNS infrastructure to the one that your internal clients use - e.g. clients out on the public internet use my ISP's DNS servers to resolve hostnames within my public domain whereas Internal clients use internal DNS servers to resolve internal hosts. It doesn't have to be your ISP's DNS servers necessarily but external clients must use DNS servers that are entirely separate to your internal servers.

In my environment my internal Windows domain is a subdomain of the public domain e.g. my public domain is company.com, internally we use int.company.com. Before I set up the split DNS, our internal DNS servers would forward internal DNS requests for hosts in our public domain to our ISP's DNS server. So if I'd left it like this when my internal clients queried for OWA.company.com they'd get the public IP back - which is the problem you're having by the sound of things.

To create the split DNS you simply create a zone on your Windows DNS servers for your public domain. So my internal DNS servers now also have a company.com zone - which they think they're authoritative for. You then add all the hosts that may need to be resolved by internal clients to this zone. So add pointing to the public IP), your mx records etc. etc. plus the hosts we're talking about for OWA (now pointing to the internal IP) etc.

Since your internal servers now think they're authoritative for your public domain they'll now resolve hostnames in your public domain for your internal clients. So when an internal client queries for your internal DNS servers provide your internal client with the correct public IP address, however, when they query for OWA.company.com they get the internal IP address thus circumventing the problem you're experiencing.

Because the external DNS infrastructure is completely separate, clients on the public internet will get the correct external IP for OWA.company.com

OK? :)
 
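The reply above is really a description of split-horizon resolution plus one caveat: once the internal servers hold their own copy of company.com they treat themselves as authoritative for it and stop forwarding, so any public record you forget to copy (an MX, a www host, anything) simply stops resolving for internal clients. The following is an added example, not code from the thread or from Windows DNS, that models that behaviour and includes a small audit that lists the records present in the public zone but missing from the internal copy. The zone data, hostnames and addresses are constructed for the example.

```python
"""Split-horizon (split DNS) resolution model.

Added example, not from the thread.  An internal resolver holds its own
copy of the public zone (company.com) and forwards everything else to an
external resolver.  Because it believes it is authoritative for the zone,
a name missing from the internal copy is answered as NXDOMAIN, never
forwarded.  Zone data and addresses are constructed for the example.
"""
from dataclasses import dataclass

# Constructed public zone, as served by the external (ISP-hosted) servers.
PUBLIC_ZONE = {
    "owa.company.com":  [("A", "203.0.113.10")],
    "www.company.com":  [("A", "203.0.113.20")],
    "company.com":      [("MX", "10 mail.company.com")],
    "mail.company.com": [("A", "203.0.113.30")],
}

# Constructed internal copy of the same zone.  owa points at the private
# address; www and mail are copied with their public addresses.  The MX
# record has deliberately been left out to show the failure mode.
INTERNAL_ZONE = {
    "owa.company.com":  [("A", "10.1.2.10")],
    "www.company.com":  [("A", "203.0.113.20")],
    "mail.company.com": [("A", "203.0.113.30")],
}


@dataclass
class Resolver:
    """A DNS server holding some authoritative zones and an optional forwarder."""
    zones: dict                      # zone apex -> {fqdn: [(rtype, rdata), ...]}
    forwarder: "Resolver | None" = None

    def _zone_for(self, name):
        # Longest-suffix match: company.com owns owa.company.com, etc.
        best = None
        for apex in self.zones:
            if name == apex or name.endswith("." + apex):
                if best is None or len(apex) > len(best):
                    best = apex
        return best

    def resolve(self, name, rtype):
        """Return the rdata list for name/rtype, [] when nothing resolves."""
        name = name.lower().rstrip(".")
        apex = self._zone_for(name)
        if apex is not None:
            # Authoritative for this zone: answer only from local data and
            # never forward, even when the name is absent (NXDOMAIN).
            rrs = self.zones[apex].get(name, [])
            return [rd for rt, rd in rrs if rt == rtype]
        if self.forwarder is not None:
            return self.forwarder.resolve(name, rtype)
        return []


def audit_internal_zone(public_records, internal_records):
    """Return sorted (name, rtype) pairs present publicly but missing internally.

    Each of these would silently fail to resolve for internal clients,
    because the internal server will not forward for a zone it owns.
    """
    missing = []
    for name, rrs in public_records.items():
        have = {rt for rt, _ in internal_records.get(name, [])}
        for rt, _ in rrs:
            if rt not in have:
                missing.append((name, rt))
    return sorted(missing)


def build_resolvers():
    """Internal resolver with its own company.com zone, forwarding to external."""
    external = Resolver(zones={"company.com": PUBLIC_ZONE})
    internal = Resolver(zones={"company.com": INTERNAL_ZONE}, forwarder=external)
    return internal, external


if __name__ == "__main__":
    internal, external = build_resolvers()
    print("internal client ->", internal.resolve("owa.company.com", "A"))
    print("external client ->", external.resolve("owa.company.com", "A"))
    print("missing internally:", audit_internal_zone(PUBLIC_ZONE, INTERNAL_ZONE))
```

Running the audit against the two zone copies is the check worth keeping around after the initial setup: whenever a record is added to the public zone, the same record (or its internal equivalent) has to be added to the internal copy, otherwise internal users lose the name while everyone outside still resolves it.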
Simple! That's all set up now and works great.

Thanks a lot for that, I was trying all sorts of stupid things like route maps to send the data through the WAN and out another interface and things like that.

Problem solved!



MCP,CCA,CCNA, Net+, Half CCNP...
 