I can't access
Thanks for your help.
can u ping host?
can u traceroute to host?
post results please
I can't ping
The trace route resolves the name to correct external IP
209.178.198.245 and reports Time Out!
Thanks
can you detail a little more of your network layout?
you have a win2k nameserver doing all your translations for internal computers?
PIX firewall | Cisco Router | ----------------------------------------------------- | |
192.168.11.0 192.168.5.0 subnet subnetYes.
Thanks
Are you sure the PIX is not DNS doctoring any DNS replies while flowing from inside to outside?
What Version software is the PIX running?
FW
PIX needs to map the 209.178.198.245 (internet) from DNS to
192.168.5.152 (the intranet). It is not doing it right now.PIX Version 6.1(1).
Thanks
alias (inside) 192.168.x.y 209.178.198.245 255.255.255.255
.. where 192.168.x.y is the IP address of the web server. Of course this presumes that the client is making an external DNS query and not an internal one.
Or
Upgrade your Pix to the latest version and use the 'dns' keyword on the static translation (preferred now over 'alias').
Chris.
Many thanks for your kind help. It is fixed now. Regards
Ah, you still haven't upgraded your PIX so as not to be potentially affected by the known security problems. The upgrade is free, and is fast once you've gotten all the paperwork out of the way...
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.