Re: Interesting question

Prav <Prav@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> Here is the background.
> Just set up the external facing webserver which resides on the DMZ
> port of the cisco PIX. Pix has about 5 ipaddress (public static) that
> is mapped to 5 internal
> addresses with .3X subnet. The server is on the .3 subnet and the
> rest of the network with AD is on .2x subnet with the full trust from
> .2X to .3X.
> Running
> win2003 standard for the server OS.
>
> Here is the question.
> I have a test site created in the webserver and assigned to a ip
> address
> with .3.X
> that is mapped to 165.X.X.X outside. I can ping to the ipadress and
> the get to it
> from the browser from inside the .2X network and same from outside
> using the public 165.x.x.x address from outside. The problem is Since
> it is the same pix I cannot directly ping 165.x.x.x address from .2x
> network because I go out using one
> IP and then come back using another. I was told that it is by design.
> So in order to get to the website. abc.com from the internal network
> I setup a conditional forwarding on the dns server with abc.com and
> ip as .3.x but it does ping to that address.
>
> What is the best way to tackle this problem without me going to each
> client machine and creating the shortcut to the ipaddress of the
> webserver to get to abc.com. Thanks in advance

You should have an internal DNS server set up for internal clients that
resolves the names to the internal IP of the web server. No external clients
should see this DNS, and no internal clients should see the external DNS.

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================


.

Relevant Pages

  • Re: SBS Prem on dual homed system HELP
    ... is server. ... > "chris landman" wrote in message ... I opened the 443 port and was not able to connect. ... >> a PIX and I heard that it can be stopping the traffic. ...
    (microsoft.public.windows.server.sbs)
  • Re: OWA Issues w/ small Bus. 2003 server
    ... I was able to connect to my pix firewall and enable logging- when i tried ... rejecting the http request to my internal host (exchange server) and looking ... don't know why sbs 2003 was setup this way bec. ... firewall to users on the Internet: ...
    (microsoft.public.exchange.admin)
  • Re: Firewall Frage
    ... Je nach dem welche PIX du dir zulegst, ist die PIX in der Anschaffung sogar ... günstiger als ein ISA Server! ... Nun zum Thema VPN: ...
    (microsoft.public.de.german.isaserver)
  • Re: Basic Question (dumb) regarding security
    ... It is not ok to host a public website on your SBS, but it is ok to host ... setup the network and the webserver properly so that only appropriate ... It would be less secure or meaningful to open more holes in ISA so ... Since ISA is an application server, ...
    (microsoft.public.windows.server.sbs)
  • Re: Server manchmal nicht =?UTF-8?B?w7xiZXIgUkRQIGVycmVpY2hiYXI=?=
    ... Both the host and the server can set the maximum segment size when they first establish a connection. ... If either maximum exceeds the value you set with the sysopt connection tcpmss command, then the PIX firewall overrides the maximum and inserts the value you set. ...
    (microsoft.public.de.german.windows.server.general)