problem with connection from inside to DMZ via global IP

hello

I have a PIX 525 and configured a www server on the DMZ, 172.16.1.73. For that server I have a static command, and from outside I can view the www site from that server.

name 172.16.1.73 dmzet
static (dmz,outside) 212.xxx.xxx.xxx dmzet netmask 255.255.255.255 0 0

The problem occurs when I want to connect from an inside host to that www server in the DMZ by the global IP 212.xxx.xxx.xxx: 'site was not find'. But if I use the DMZ IP 172.16.1.73, I see that site.

The computer which I am connecting from (inside) also has a static command:

static (inside,outside) 212.xxx.xxx.yyy 192.168.1.60 netmask 255.255.255.255 0 0

There is NAT:

nat (inside) 1 192.168.1.0 255.255.255.0 0 0
global (dmz) 1 172.16.1.200-172.16.1.254 netmask 255.255.255.0
global (dmz) 1 interface

I cannot find the reason why I do not see WWW when I use the global IP.

Reply to
voytas

I think I'm right by stating that because the outside IP is related to the outside interface and because PIX only allows traffic that passes through both interfaces it will not work. Try using a DNS statement on the PIX that matches the external IP address; the PIX will then re-route traffic so that it reaches the DMZ server.

Dave

Reply to
Dave

DNS? What for? I use an IP, not a name, when I want to connect to the DMZ web server. I do not understand your solution, could you give some details?

Wojtek

Reply to
voytas

Hi,

I don't know the exact command. But instead of using an IP, set up a DNS name for the DMZ server on the PIX; when you use a browser the DNS on the PIX will resolve the external DNS name to the internal IP. That's all you can do. Using IP I think is not an option. Sorry I can't be more helpful.

Dave

Reply to
Dave

I do not think it is the right solution. I can put the name and DMZ IP into local DNS, but it will not resolve my problem with the global IP. Thanks for your help - it is better than nothing.

I can add that if I have a proxy in the browser, I see the site from the web server in the DMZ via the global IP - but that is nothing unusual.

Reply to
voytas

Yes, Dave is right, you cannot access the outside interface like that.

M

Reply to
mak

You need to run what is often called split DNS.

In a nutshell, your DNS server returns a different answer depending on where the request is coming from; i.e. requests from an internal network address get a reply with an internal IP address, external requests get a reply with an external address.

Reply to
Rod Dorman
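
What the split DNS described above can look like with BIND views, as an added example that is not part of the original posts. The hostname www.example.com, the zone file paths and 203.0.113.10 (a documentation address standing in for the masked 212.xxx.xxx.xxx) are assumptions; 192.168.1.0/24 and 172.16.1.73 are the inside network and DMZ address given in the thread.

```conf
// named.conf fragment (constructed example, not from the thread).
// Assumed names: example.com, zone file paths, 203.0.113.10 as the global IP.

// Inside network behind the PIX, as posted in the thread.
acl "inside" { 192.168.1.0/24; };

// Views are evaluated in order and the first match wins,
// so the internal view must come before the catch-all external view.
view "internal" {
    match-clients { "inside"; };
    recursion yes;                      // inside hosts may resolve other names

    zone "example.com" {
        type master;
        file "zones/internal/example.com.zone";
        // This zone file carries the DMZ address, which inside hosts
        // can already reach through the PIX:
        //   www   IN  A   172.16.1.73
    };
};

view "external" {
    match-clients { any; };
    recursion no;                       // authoritative answers only for outsiders

    zone "example.com" {
        type master;
        file "zones/external/example.com.zone";
        // This zone file carries the global (translated) address:
        //   www   IN  A   203.0.113.10
    };
};
```

Once any view is defined, every zone has to live inside a view, and both zone files need their own SOA and NS records with serials maintained separately.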

OK. I see your point. Thanks Dave, Rod. Split DNS is an option. I found some articles on the web and I am reading them right now.

thanks

Reply to
voytas
