×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Contact US

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Security, hacker detection & forensics FAQ

Pix Hints and Tricks

I can't access my DMZ server via its OUTSIDE address - ALIAS / NAT OUTSIDE? by F1lby
Posted: 28 Mar 06 (Edited 28 Mar 06)

THE SCENARIO:

I have a LAN with lots of PCs which can access the INTERNET (INSIDE) 10.0.0.0/16
I have a web server on the DMZ (10.1.0.50) which is translated to 62.136.0.50 on the OUTSIDE

The WORLD can access 62.136.0.50 with NO problems

The INSIDE machines can access 10.1.0.50 no with no problems.
The INSIDE machines CANNOT access 62.136.0.50

So what we`re saying here, is that the INSIDE cannot access a DMZ host that is translated to the OUTSIDE interface.

We need to find a way of getting 10.0.0.0/16 machines to access 62.136.0.50 by performing a translation, so that internal machines connecting to 62.136.0.50 are in fact redirected to 10.1.0.50




THE SOLUTION:

In Pix version earlier than 7.0 use the ALIAS command

ALIAS (inside) 62.136.0.50 10.1.0.50 255.255.255.255

                        or

ALIAS (inside) xx.xx.xx.xx  ii.ii.ii.ii  255.255.255.255
Where xx.xx.xx.xx is the EXTERNAL address  and ii.ii.ii.ii  is the address on the DMZ


In version 7.0 the ALIAS command was depreciated - while it still works OK in Version 7.0, Cisco ASDM doesn`t support the ALIAS command

In PIX 7.0 upwards we will use a STATIC command instead

STATIC (dmz,inside) 62.136.0.50  10.1.0.50  netmask 255.255.255.255

                       or

STATIC (dmz,inside)  xx.xx.xx.xx  ii.ii.ii.ii  netmask 255.255.255.255
Where xx.xx.xx.xx is the EXTERNAL address  and ii.ii.ii.ii  is the address on the DMZ


Back to Security, hacker detection & forensics FAQ Index
Back to Security, hacker detection & forensics Forum

My Archive

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close