Why can't I see domains on the inside of my PIX 501???

Hi all, I have a PIX 501 that is giving me fits. When I am inside the firewall, and I try to go to a domain that is hosted on a machine inside the firewall, I get page cannot be displayed. I can get to any other domain, but when I try to pop, smtp, web, anything, to a domain that is hosted on a server inside of my PIX, it fails.....

Any clues??

Also, not sure if it is related, but when people VPN into the PIX using PPTP, they cannot browse the internet. I can post my config if it helps...

Thanks guys!!

Josh

joshkeely

It's because DNS resolves your server with its outside address, and you cannot access an inside server using its translated outside address from the inside. But there is a simple solution for this: you just need to add the "dns" parameter in your static command, and the PIX will check the DNS calls and make the translation.

static (inside,outside) [outside IP] [inside IP] dns netmask 255.255.255.0 0 0

Do you have a split-tunnel command in your vpngroup? It will instruct the client to use the tunnel only for the traffic specified by the ACL.

vpngroup name split-tunnel splitacl

access-list splitacl permit ip [inside IP] [local pool IP]

mcaissie
