inside to DMZ web server via Private(real) IP or Public IP. 1

[dannyyo]

I have an issue of not being able to access the DMZ web server using the public IP. I can get to it using the private(real) IP, but not the public IP. However from the outside I can use the public IP to get to it. So I discovered that I can issue the command:

static (DMZ,inside) x.x.x.50 i.i.i.10 netmask 255.255.255.255

this will make it work. But now I can't get to the DMZ web server from inside using the private IP.

Basically, this

http://www.tek-tips.com/faqs.cfm?fid=6266

is the same issue. Although the solution fixes one issue, but breaks the other.

I called cisco tac and they told me that I have to chose one and can't have both. Is this right? Not that I doubt TAC. I just want to confirm that everyone agrees with this.

 

[Supergrrover]

You have to pick one. Do you use a DNS server or are you trying it by IP alone? If it is a DNS server, you can change the record on your internal server or use DNS rewrite to alter it when it hits the pix and it returns the fixed ip.


Brent
Systems Engineer / Consultant
CCNP, CCSP

 

[dannyyo]

I C. Thanks for clarifying it for me.

Currently, I'm only using IP. I'll add DNS to the equation later.

 

[desperado618]

you can use private Ip using the ALias command. That was designed specifically for public webservers that need to be accessed internally.

http://www.NetLeets.com

IT Security news and information
In plain English