Internal/External IP Device Access

Status
Not open for further replies.

Smithy10

I have a camera configured on my LAN with only a specific port allowed. A static (inside,outside) statement and a conduit statement are configured on the firewall to restrict/allow access through the firewall.

If we attempt to connect to its real IP address (internal to internal) no problem. If we attempt to connect to the DNS entry from inside the firewall we are unable to connect. Connection is possible over the Web as long as we are not on the internal network the actual device resides upon.
We are using a Cisco PIX firewall and access lists etc. are configured. Is this a general restriction with firewalls and internal/external access?
E.g. the device's internal address is 192.168.100.200 with a specific port number, so we can connect to this from IE on the LAN. If we attempt to connect from the LAN to the "real" DNS World Wide Web entry we are unable to connect, although if I connect from my home connection the device is fine.
 

Sounds like it's an internal DNS issue more than a router/firewall one. Are you using an internal DNS server on your LAN? If so, put an entry in there for it the same as your ISP has for the server.

We had a similar sort of problem with a web server running a DB app.

~ Remember - Nothing is Fool Proof to a Talented Fool ~
 
Sounds to me like a redirect issue, which the PIX doesn't like.

Using your DNS, your traffic hits your PIX (assuming it's the default gateway to the internet) and then wants to come back into your LAN. Because the PIX doesn't want to pass traffic back to the same interface which it entered, you can't get to where you want to.

When you use the real 192.168.x.x IP, you were able to connect fine since you just went to the destination directly.

Check out the logs on the PIX and let us know if this is the case.
 
Maybe a silly question: I have logging turned on on the PIX firewall ("logging on"), so what is the best way to look at this info? "show logging" just shows the status, not the information.
Appreciate details.
 
You've enabled logging, but haven't told it what to log.

Try this command:

logging buffered informational
 