Help setting up NAT on a PIX 506E

Hello, I need advice on the following issue:

I have a web server (Red Hat) with 2 NICs: one has an external published IP address actually in use (DNS entry pointing to the external IP), the other has an internal IP address. I planned to put that server on the NAT side only.

So I switched off the public NIC, changed the gateway on the web server to use the PIX (on the internal NIC), and added a NAT rule that would send all traffic requested to the public IP to the internal NIC of the web server, but no luck! The logs in the firewall tell me that it can't find the next router. No traffic is going out from the web server or in to the web server.

And all cables and NICs from the web server or the PIX go to the same switch.

If I NAT my web server to any other public IP address I have in my pool, it works!

Can anyone help? Thanks, Vincent

vince

Maybe you have ARP issues if the same IP went from the Linux box to the PIX. What is your outside PIX connected to? It may need a clear arp... or just wait a couple of hours.

mcaissie

Hi Mcaissie and thanks

I had flushed the ARP table on both the PIX and the web server after turning the public NIC off, and then added the public IP to the NAT rules. Waiting a couple of hours, alas, is not an option for me. My 'allowed' downtime for the web is at best a couple of minutes by client.

Vincent

"mcaissie" wrote in message news:sAFcg.21897$zn1.6170@clgrps13...

vince

The problem is more on the router to which the outside of your PIX is connected.

It's the device that would need a clear arp. If it's a device that you don't have access to, cannot request a clear arp on, or cannot reboot, you'll be stuck with your problem.

The only other way would be to take another IP and change your DNS entries...

mcaissie

I guess I will need to get in touch with the people that administer the next device. Hopefully they will agree to the change. The IP and DNS change would take too long to propagate. Thanks for your help, Vincent

"mcaissie" wrote in message news:zdGcg.21904$zn1.19995@clgrps13...

vince

You still have another possibility:

1- Keep the Linux public NIC up.
2- Do a translation in the PIX for your Linux internal NIC with another public address.
3- Verify that your web server can answer to both addresses.
4- If so, make your DNS change.
5- Once the propagation is completed, disable your Linux public NIC.

mcaissie
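
The five-step cutover above depends on two checks: the server answers on both addresses (step 3), and resolvers have moved to the new address before the old NIC is disabled (step 5). The script below is an added example, not part of the thread; its addresses, hostname and function names are constructed placeholders.

```shell
#!/bin/sh
# Cutover gate for the five-step migration (added example, not from the thread).
# Addresses and hostname are constructed placeholders (RFC 5737 / example.com).
OLD_IP=192.0.2.10      # public address still bound to the Linux NIC (assumed)
NEW_IP=192.0.2.20      # second public address translated by the PIX (assumed)
SITE=www.example.com   # published hostname (assumed)

# Constructed sample of `dig +noall +answer` output, for offline checks.
SAMPLE_DIG='www.example.com. 300 IN A 192.0.2.10'

# Step 3: does the site answer on a given address? --resolve pins the name to
# that address, so the request carries the real Host header without using DNS.
answers_on() {  # usage: answers_on IP
    curl -sf -o /dev/null --max-time 5 --resolve "$SITE:80:$1" "http://$SITE/"
}

# Steps 4-5: read `dig +noall +answer` output on stdin and classify it.
# Prints "new" if every A record is NEW_IP, "old" if any is still OLD_IP,
# "unknown" if there is no A record or an unexpected address appears.
classify_answer() {
    awk -v old="$OLD_IP" -v new="$NEW_IP" '
        $4 == "A" { n++; if ($5 == old) o++; else if ($5 != new) u++ }
        END { if (n == 0 || u) print "unknown"
              else if (o) print "old"; else print "new" }'
}

# The old NIC may be disabled only when every resolver result is "new".
safe_to_disable() {  # usage: safe_to_disable RESULT...
    [ $# -gt 0 ] || return 1
    for r in "$@"; do [ "$r" = "new" ] || return 1; done
}

# Live run: sh gate.sh --live RESOLVER_IP...
if [ "${1:-}" = "--live" ]; then
    shift
    answers_on "$OLD_IP" && answers_on "$NEW_IP" || { echo "step 3 failed"; exit 1; }
    results=""
    for ns in "$@"; do
        results="$results $(dig +noall +answer "$SITE" A "@$ns" | classify_answer)"
    done
    # Unquoted on purpose: one argument per resolver result.
    if safe_to_disable $results; then echo "all resolvers return $NEW_IP"
    else echo "keep the old NIC up:$results"; exit 1; fi
fi
```

Run it from a host on the outside of the PIX so the test follows the same path as client traffic, and pass several resolver addresses after `--live`.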
