I have a pix 520 running 4.2(2)
Below is my configuration. First 3 octets of the outside IP?s have been changed to 0.1.2
Problem:
When accessing
Is their another way to do this without relying on a separate internal DNS server? Maybe a static (outside,inside) directive? Or something else?
Any help would be appreciated.
: Saved : PIX Version 4.2(2) nameif ethernet0 outside security0 nameif ethernet1 inside security100 fixup protocol http 80 fixup protocol http 443 no failover failover timeout 0:00:00 failover ip address outside 0.0.0.0 failover ip address inside 0.0.0.0 no names no pager no logging console no logging monitor no logging buffered logging trap notifications logging facility 17 logging host inside 192.168.168.19 interface ethernet0 auto interface ethernet1 auto ip address outside 0.1.2.221 255.255.255.240 ip address inside 192.168.168.1 255.255.255.0 arp timeout 14400 global (outside) 1 0.1.2.220-0.1.2.220 netmask 255.0.0.0 nat (inside) 1 192.168.168.0 255.255.255.0 0 0 static (inside,outside) 0.1.2.209 192.168.168.10 netmask 255.255.255.255 0 0 static (inside,outside) 0.1.2.210 192.168.168.11 netmask 255.255.255.255 0 0 static (inside,outside) 0.1.2.211 192.168.168.16 netmask 255.255.255.255 0 0 static (inside,outside) 0.1.2.212 192.168.168.19 netmask 255.255.255.255 0 0 static (inside,outside) 0.1.2.213 192.168.168.14 netmask 255.255.255.255 0 0 static (inside,outside) 0.1.2.214 192.168.168.15 netmask 255.255.255.255 0 0 static (inside,outside) 0.1.2.215 192.168.168.17 netmask 255.255.255.255 0 0 static (inside,outside) 0.1.2.217 192.168.168.60 netmask 255.255.255.255 0 0 static (inside,outside) 0.1.2.216 192.168.168.51 netmask 255.255.255.255 0 0 conduit permit tcp host 0.1.2.209 eq domain any conduit permit udp host 0.1.2.209 eq domain any conduit permit tcp host 0.1.2.209 eq www any conduit permit tcp host 0.1.2.209 eq 443 any conduit permit tcp host 0.1.2.209 eq 8081 any conduit permit tcp host 0.1.2.209 eq 8444 any conduit permit tcp host 0.1.2.210 eq ident any conduit permit tcp host 0.1.2.210 eq 1080 any conduit permit tcp host 0.1.2.210 eq 6014 any conduit permit tcp host 0.1.2.210 range 6660 6670 any conduit permit tcp host 0.1.2.210 eq 1024 any conduit permit tcp host 0.1.2.210 eq 7000 any conduit permit tcp host 0.1.2.210 eq 7443 any conduit permit tcp host 0.1.2.210 eq 6443 any conduit permit tcp host 0.1.2.210 eq domain any conduit permit udp host 0.1.2.210 eq domain any conduit permit tcp host 0.1.2.210 eq www any conduit permit tcp host 0.1.2.211 eq smtp any conduit permit tcp host 0.1.2.211 eq www any conduit permit tcp host 0.1.2.211 eq pop3 any conduit permit tcp host 0.1.2.211 eq ident any conduit permit tcp host 0.1.2.211 eq 443 any conduit permit tcp host 0.1.2.211 eq 587 any conduit permit udp host 0.1.2.211 eq 6277 any conduit permit tcp host 0.1.2.213 eq 8767 any conduit permit udp host 0.1.2.213 eq 8767 any conduit permit tcp host 0.1.2.213 eq 51234 any conduit permit udp host 0.1.2.213 eq 51234 any conduit permit tcp host 0.1.2.215 eq 6014 any conduit permit tcp host 0.1.2.215 range 6660 6670 any conduit permit tcp host 0.1.2.215 eq 1024 any conduit permit tcp host 0.1.2.215 eq 7000 any conduit permit tcp host 0.1.2.215 eq 7443 any conduit permit tcp host 0.1.2.215 eq 6443 any conduit permit icmp any any echo-reply conduit permit tcp host 0.1.2.211 eq nntp any conduit permit udp host 0.1.2.211 eq ntp any conduit permit tcp host 0.1.2.209 eq ftp any conduit permit tcp host 0.1.2.209 eq ftp-data any conduit permit tcp host 0.1.2.212 eq 22 any conduit permit udp host 0.1.2.214 eq 27960 any conduit permit tcp any eq 1723 host 209.234.162.131 conduit permit gre any host 209.234.162.131 conduit permit icmp any any time-exceeded conduit permit icmp any any unreachable route outside 0.0.0.0 0.0.0.0 0.1.2.222 1 timeout xlate 3:00:00 conn 1:00:00 udp 0:02:00 timeout rpc 0:10:00 h323 0:05:00 timeout uauth 0:00:00 absolute snmp-server host inside 192.168.168.19 telnet 192.168.168.0 255.255.255.0 mtu outside 1500 mtu inside 1500 Smallest mtu: 1500 floodguard 1 tcpchecksum verbose