
PIX and NATs I'm guessing 2

Status
Not open for further replies.

OHSR

MIS
May 5, 2004
13
US
Hey all,
This is my first post on this forum, so please go easy. My question is, I'm guessing, related to the NATs setup on the PIX (PIX515). I'm sure this is simple, but I cannot ping the other outside (internet) IPs of other servers in our organization. They all have static setups with their own IPs. I'll try and diagram below:

Server1 internal: 192.168.0.2 Internet IP: 63.63.63.182
Server2 internal: 192.168.0.3 Internet IP: 63.63.63.183

Server1 cannot ping Server2 with "ping 63.63.63.183"

Both are setup as:

static (inside,outside) 63.63.63.182 192.0.0.2 netmask 255.255.255.255 0 0

static (inside,outside) 63.63.63.183 192.0.0.3 netmask 255.255.255.255 0 0

Neither have any other errors. I am not good at all with understanding static NAT. Any help is appreciated.

Thanks in advance!
 
It is possible to do what you want, but you need to send traffic out to a router first, then back in. This way the int is not doing redirects, and your email servers can communicate.
 
Thanks for the help anyways!

Smikes (or anyone else for that matter)... if you see this, do you have any thoughts on how to get this to work out?
 
Antotech:

Sorry, we must have posted at the same time, and I missed your last post.

You are saying set up a physical DMZ. There is a perimeter router in place, but it is only sending traffic to the PIX, doing nothing more. I'll look into it. It's in the corporate office and I work remotely, so I'll check it sometime.

Thanks.
 
OK,

Another solution is to dual-home the servers and assign the NATed public IPs to the second NIC. I think that would work also.
 
I'm not exactly clear what the problem is here... If you want a host on the inside to access another host on the inside, always refer to it by its real IP address, not its internet (global outside) address. You should have a split-horizon DNS to complement this.
 
smikes, it's not a problem until DNS resolves the name for email; everything else I can use the real IP.

The new email server is sending to mydomain.com (existing old email server), DNS points to the old mail server's public IP, and sending the message to the address times out.
 
Ah, so it is in fact a DNS issue then. You should always have two separate DNS servers: one that resolves requests for your domain from the outside, and another server that resolves requests for inside hosts. The external DNS server will have a minimal amount of info -- at least MX entries to your mail server. In addition, it's not good practice to have just one DNS server with every single host listed in there, for security reasons I'm sure you can see.
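
The split-horizon DNS setup recommended in the thread, sketched as an added example that is not part of any poster's reply: a BIND named.conf fragment using two views, which can equally be run as two separate servers as the last post advises. The host name "mail", the zone file paths, and the assumption that the old mail server is Server1 (192.168.0.2 / 63.63.63.182) are illustrative and not stated in the thread.

```conf
// named.conf fragment: split-horizon DNS with BIND views (constructed example).
// Assumption: all inside hosts sit in 192.168.0.0/24 behind the PIX.
acl "inside-hosts" { 127.0.0.1; 192.168.0.0/24; };

options {
    directory "/var/named";          // hypothetical path
};

// Inside hosts get real (inside) addresses, so mail between the two
// servers goes host to host and never has to loop through the firewall.
view "internal" {
    match-clients { "inside-hosts"; };
    recursion yes;
    zone "mydomain.com" {
        type master;
        file "internal/mydomain.com.zone";   // hypothetical file name
    };
};

// Everyone else gets a minimal zone holding only the global (NAT)
// addresses, so inside host names and addresses are not exposed.
view "external" {
    match-clients { any; };
    recursion no;
    zone "mydomain.com" {
        type master;
        file "external/mydomain.com.zone";   // hypothetical file name
    };
};

/* Key records in each zone file (SOA and NS records omitted):

   internal/mydomain.com.zone
     @     IN MX 10 mail.mydomain.com.
     mail  IN A     192.168.0.2      ; real address (assumed: Server1)

   external/mydomain.com.zone
     @     IN MX 10 mail.mydomain.com.
     mail  IN A     63.63.63.182     ; global address from the static NAT
*/
```

With this in place the new mail server, querying from inside, resolves the MX target to 192.168.0.2 instead of the public address that times out.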
 