Hot Downloads

Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: PIX question. Cannot access global IP from inside

PIX question. Cannot access global IP from inside 11 years 3 months ago #9941

  • joec
  • joec's Avatar
  • Offline
  • New Member
  • Posts: 1
  • Karma: 0
Hi experts, the scenaior is, I have a PIX and I have 32 ip addresses.

I performed 1-to-1 mapping for global ip 202.x.x.1 ~30 to internal ip 192.168.x.1 ~30. Inside can access internet and the outside guys can access my servers, everything goes fine.

But one thing is one of my web server's global ip is 202.x.x.10, I can't access web via it's global ip address, however it's ok when I key in 192.168.x.10 in my browser.

Is there any way to get rid of it, to let me access the web server via it's global ip 202.x.x.10 whenever I am.

Thank you for helping me.
The administrator has disabled public write access.

PIX question. Cannot access global IP from inside 11 years 3 months ago #9943

  • duds4all
  • duds4all's Avatar
  • Offline
  • New Member
  • Posts: 3
  • Karma: 0
PIX firewall code 6.x.x limits the use of externally mapped ip address from inside..... In other words PIX firewall does not allow to reroute the packet from its own interface.. IF u try to use the public ip address from inside then the request has to be sent back to u from the same interface which is the outside interface... Which Pix firewall does not do it...

U can check the version 7 if it supports that but anything lower than 7 does not do it ....

Cheers...
The administrator has disabled public write access.

Re: PIX question. Cannot access global IP from inside 11 years 2 months ago #10314

  • Bublitz
  • Bublitz's Avatar
  • Offline
  • Senior Member
  • Posts: 301
  • Thank you received: 3
  • Karma: 2
I have this same probelm on my PIX. Actually i setup the default INside and outside interfaces with IPs. I cannot even ping each other.

Like ping inside 216.56.12.8
or ping outside 10.20.15.1

How is anything going to work period if you cant even have access the 2 interfaces?

Its a cisco pix 506-e i cannot find 7.0 IOS can they be upgraded or not?
The Bublitz
Systems Admin
Hospice of the Red River Valley
The administrator has disabled public write access.

Re: PIX question. Cannot access global IP from inside 11 years 2 months ago #10317

Guys,

The PIX historically has never permitted the ability to pass traffic out of the same interface traffic was reveiced from. This function is not just limited to the inside interface - it's any interface at any security level. This is a 'feature', one that Cisco advertises as a security feature. The PIX should not be considered a router, and as such, will not perform like one (even though it technically is, sort of...) PIX version 7 will not change this.

Anyway, that's the reason why you cannot access global IP addresses on the outside interface from the inside interface. Even with the ping command from the CLI.

To answer the other question about the 506... No, Cisco does not support the 506 or 506E under version 7 yet. Here's a note direct from their upgrade doc:

"PIX Version 7.0 runs on PIX 515/515E, PIX 525, and PIX 535, but is not supported on the PIX 501 or PIX 506/506E platforms at this time."

They didn't mention the 10000 or the 520, but if you know the PIX, they are antiques, and can barely run 6.x... (the 10000 can only run 5.2.9).

My question for you is why you are interested in using the Global IP address from the inside of your network in the first place? Why not just use the internal address? If it's DNS that is causing your problem there, then you should consider running an internal DNS server to over ride external IP address resolution for your internal devices/servers...

I hope this helps!
The administrator has disabled public write access.

Re: PIX question. Cannot access global IP from inside 11 years 2 months ago #10323

  • DaLight
  • DaLight's Avatar
  • Offline
  • Honored Member
  • Posts: 1302
  • Karma: 1
Welcome to firewall.cx, TheeGreatCornholio! Hopefully we'll be able to glean from your knowledge of the Cisco PIX range.
The administrator has disabled public write access.

Re: PIX question. Cannot access global IP from inside 11 years 2 months ago #10389

DaLight...

Glad to help out... but I make no guarantees :)

tGc
The administrator has disabled public write access.
  • Page:
  • 1
  • 2
Time to create page: 0.083 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup