PLEASE HELP!

[CSlack]

I have a PIX 520 and a web server behind the PIX. From outside my network I can hit my web server with the public address I statically assigned to it to point to my Internal web server. How can I hit my web server from inside my network using the public address instead of the private address of the network I am on. Please help

Thanks

Chris Slack [sig][/sig]

 

[lardum]

This is a NAT problem, generally it is not possible to do this without having a seperate internal DNS server.

What version of IOS are you running?

Regards

Lars [sig][/sig]

 

[Guest_imported]

Lardum's solution is certainly the best, but if using dual DNS doesn't cut it for you there is a rather ugly hack that can allow inside users to access the xlated addresses on the public side of the pix.

It involves placing a router outside of the pix that you have administrative control over. Configure that router to have static routes for any xlated addresses you want to hit. This router should also be the default route for the pix. When the router receives a packet destined for the xlated address, it will ICMP redirect that packet pack to the pix's public interface. Its ugly but it works. Best recommendation .... do it via an internal DNS server.