PIX inside access to outside interface back inside???

[adminadminadmin]

Hi all. I need some help allowing inside network traffic to obtain access back inside my network.

To explain, I have an internal DNS server that is accessed via Port Address Translation from the Internet. I also have an internal

http://WWW server

that is accessed via PAT. This works fine from the Internet.

It's the internal users that are having problems... When internal users using the internal DNS server resolve xyz.com to the external interface on the Pix which is to be PAT'ed back inside to our internal xyz.com

http://WWW server,

they cannot access this.

Any help would be greatly appreciated.

 

[yizhar]

HI.

You should try to use different DNS servers for internal versus external DNS clients, and at the DNS server used for internal clients, specify the internal IP address for the

http://www host

record.
Another option is to deploy HOSTS files to internal clients.

There is the "alias" command at the pix, but I think that it won't help with your configuration, because both the internal hosts and the DNS server are on the same network (or isn't it so?) so the pix will not be able to tweak the DNS result if it does not pass via the pix at all.

If I got your situation right, I think that the best solution is to let your ISP manage your DNS registered domain name on the ISP DNS servers, and use your internal DNS for internal hosts only.
Better security for you, and also a solution for the problem you have mentioned.

Bye
Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar

 

[jduran]

Another option, although it is not directly related to the PIX is to use a DNS server that permits views, so you can discriminate the origin of the query and answer accordingly