PIX 501 - resolving internal host ip with public ip

Discussion in 'Cisco' started by ERG, Mar 9, 2007.

  1. ERG

    ERG Guest

    I'm new to Cisco routers, and I have a simple question. Why can I not
    resolve to my internal host with the public IP address I have assigned
    to it?

    Here is my example:

    mail server (example local ip: 192.168.2.5, example external ip
    60.66.55.55). I would like to access the mail server by the public IP
    from inside the network. The current setup is blocking that, and I
    don't know how to define what I want to do, if there is a term for it. Any
    help is appreciated.
     
    ERG, Mar 9, 2007
    #1

  2. ERG

    Trendkill Guest

    By default, the PIX is blocking this traffic. Here is a link to a
    post from a few days ago regarding a very similar problem, although
    this one was web and not email. Here:

    http://groups.google.com/group/comp...9ad771b2a?lnk=gst&q=&rnum=21#f7dd8da9ad771b2a

    The last post has info on fixing, as it relates to alias.
     
    Trendkill, Mar 9, 2007
    #2

  3. You cannot do that with a PIX 501. The other poster's suggestion of
    using an alias will not work.

    You could get it to work if you were accessing by host -name-, but
    not by host -address- -- not without adding extra hardware.

    Why? Because it is a security feature. In order for it to work, the
    PIX would have to accept packets on its inside interface that were
    addressed to the public IP, and would have to translate them and
    send them back to the inside interface. PIX 6 is designed to never
    allow packets to enter the PIX by one interface and leave by the same
    interface. (PIX 7 permits it in some circumstances, but the PIX 501
    cannot run PIX 7.)
     
    Walter Roberson, Mar 11, 2007
    #3
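
A small Python model of the same-interface behaviour described in post #3, using the thread's example addresses. It is an added illustration, not code from any poster or from Cisco. The /24 inside network, the client addresses, and the idea that the host name resolves to the local address are assumptions; ACLs are not modelled.

```python
import ipaddress

# Addresses from the thread's example; the /24 inside network is an assumption.
INSIDE_NET = ipaddress.ip_network("192.168.2.0/24")
# Static translation: public address -> real inside host.
STATIC_NAT = {
    ipaddress.ip_address("60.66.55.55"): ipaddress.ip_address("192.168.2.5"),
}


def interface_for(addr):
    """Name of the PIX interface that an address sits behind."""
    return "inside" if addr in INSIDE_NET else "outside"


def pix6_decision(src, dst):
    """Model the path of a packet from src to dst.

    Returns (verdict, real_dst) where verdict is 'direct-on-lan',
    'forwarded' or 'dropped-same-interface'. 'forwarded' only means the
    interface check passed; access lists are outside this model.
    """
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    ingress = interface_for(src_ip)

    # Both ends on the inside LAN: the packet never reaches the PIX.
    if ingress == "inside" and dst_ip in INSIDE_NET:
        return "direct-on-lan", str(dst_ip)

    # Anything else goes to the PIX, which un-translates the destination
    # when a static entry matches and then picks the egress interface.
    real_dst = STATIC_NAT.get(dst_ip, dst_ip)
    egress = interface_for(real_dst)

    # PIX 6 never sends a packet back out of the interface it arrived on.
    if egress == ingress:
        return "dropped-same-interface", str(real_dst)
    return "forwarded", str(real_dst)


if __name__ == "__main__":
    cases = [
        ("192.168.2.20", "60.66.55.55"),  # inside client, public address
        ("192.168.2.20", "192.168.2.5"),  # inside client, local address
        ("203.0.113.9", "60.66.55.55"),   # constructed outside client
    ]
    for src, dst in cases:
        print(src, "->", dst, pix6_decision(src, dst))
```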