cisci pix, w/dsl & public IP server

[DSSTCO]

We have installed a DSL (in bridge mode).
The server is addressed with a public IP via the PAT.
The server is accesiable from the WAN side, no problem.
The PC's can browse the world.
The server can be reached from the PC via the private address.
The server cannot be reached from the private addressed PC's when attempting to locate the server via the public address.

Are we missing something in the PIX, PAT?
Thanks




Doug
Dept Strategic Systems
Center for Strategic Leadership

 

[Phobos1821]

If i'm understanding you correctly, this is working as intended.

Your internal clients will not be able to access your server by it's public address. The reason is the request, and the destination are comming in / out of the same interface. Your internal network does not have a route defined for your public IP, and sends it to your internet DSL, your internet DSL shoves the same packet right back on you saying it's destination is your internal network. Hence confusion

Example.
Client Computer: Find 22.33.44.55, go to default gateway
Gateway: I dont have a route for 22.33.44.55, go to default gateway(internet)
Internet: 22.33.44.55 is on your internal network. Back to you
Gateway: What?!? I dont have a route for that, I just sent it to you.

technical
---
private server ip: 192.168.1.10
public server ip: 22.33.44.55
client private ip: 192.168.1.200
default gateway: 192.168.1.1

request:
192.168.1.200 <-> 192.168.1.1 (dst = 22.33.44.55)
192.168.1.1(no internal routes for 22.33.44.55) <-> internet (gateway of last resort).
internet(22.33.44.55 = 192.168.1.1) <-> 192.168.1.1 (what?!?)
---
You need to modify DNS entries for your local DNS server to translate the server IP / website name to a local IP address. Port Address Translation will take care of incomming requests.