Cannot access the Web server in the DMZ from the inside using IP global

Hi all

I hope it's a very simple question.

I'm running a PIX 515 firewall v6.3. I set up a Web server in my DMZ and use static NAT for re-branded it overall static IP address. Access from the outside of the demilitarized zone works remarkably well. I can access inside the interface Web site using the internal IP, but I can't access it from inside interface using the global IP are entrusted to him.

Is there a particular reason why this would not be allowed? My feeling was that the request would be forwarded via the external interface (as it is a global IP address) and then be bounced back by my sense of the ISP the request would come to the new external interface (as the static NAT is applied to the external interface).

However if I try and access the global IP from my inside interface, then the browser can not find the server.

can someone explain why this is so? Any information would be appreciated.

see you soon,

Wayne

---------------------------------

6.3 (3) version PIX

interface ethernet0 100full

interface ethernet1 100full

interface ethernet2 100full

ethernet0 nameif outside security0

nameif ethernet1 inside the security100

nameif dmz security50 ethernet2

hostname helmsdeep

domain p2h.com.sg

fixup protocol dns-length maximum 512

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol they 389

no correction protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol 2000 skinny

fixup protocol smtp 25

No fixup protocol sqlnet 1521

fixup protocol tftp 69

names of

acl_out list access permit tcp any host 203.169.113.110 eq www

access-list 90 allow the host tcp 10.1.1.27 all

pager lines 24

debug logging in buffered memory

Outside 1500 MTU

Within 1500 MTU

MTU 1500 dmz

IP address outside pppoe setroute

IP address inside 192.168.1.1 255.255.255.0

dmz 10.1.1.1 IP address 255.255.255.0

no failover

failover timeout 0:00:00

failover poll 15

No IP failover outdoors

No IP failover inside

no failover ip address dmz

location of PDM 202.164.169.42 255.255.255.255 inside

location of PDM 202.164.169.42 255.255.255.255 dmz

location of PDM 10.1.1.26 255.255.255.255 dmz

location of PDM 10.1.1.26 255.255.255.255 outside

location of PDM 172.16.16.20 255.255.255.255 outside

location of PDM 192.168.1.222 255.255.255.255 inside

history of PDM activate

ARP timeout 14400

Global 1 interface (outside)

Global (dmz) 1 10.1.1.101 - 10.1.1.125

NAT (inside) 1 0.0.0.0 0.0.0.0 0 0

NAT (dmz) 0-list of access 90

NAT (dmz) 1 0.0.0.0 0.0.0.0 0 0

static (dmz, external) 203.169.113.110 10.1.1.27 netmask 255.255.255.255 0 0

Access-group acl_out in interface outside

Timeout xlate 03:00

Timeout conn 01:00 half-closed 0:10:00 udp 0: CPP 02:00 0:10:00 01:00 h225

H323 timeout 0:05:00 mgcp 0: sip from 05:00 0:30:00 sip_media 0:02:00

Timeout, uauth 0:05:00 absolute

GANYMEDE + Protocol Ganymede + AAA-server

RADIUS Protocol RADIUS AAA server

AAA-server local LOCAL Protocol

Enable http server

http 192.168.1.222 255.255.255.255 inside

enable floodguard

string fragment 1

Console timeout 0

Terminal width 80

Code v6 pix or less don't let you have traffic "back" or return flow via the same interface on which it was sent. Having also your bounce back off of an external server traffic is never a good idea, because you won't be able to distinguish which and rogue attacks by spoofing someone outside your network.

Since you are using pix 6.3 code, you may be able to outside the NAT. Add this static to your config:

static (dmz, upside down) 203.169.113.110 10.1.1.27 netmask 255.255.255.255 0 0

You may need to run a clear xlate after adding the new static statement. Note that the interfaces: it's demilitarized zone, inside inside, dmz.

I would like to know if it works.

Tags: Cisco Security

Similar Questions

  • Cannot access the internet using the account invited in Vista. Unable to access using the administrator account.

    This one is strange - and I repeat that the problem is that I can't access the internet by using the administrator account.  The guest account works fine.  All programs are there and launch the fine (IE, Live Messenger, Yahoo Messenger, etc.), but they cling right there when I try to log on or access to any Web site.

    While in the administrator account, I ran "CMD" in the run menu and can ping Yahoo, Google, etc. with success.  It's embarrassing - any ideas how the administrator account can act that way then the guest account works perfectly?

    Hello Allen LaBrune,.

    If you are able to ping the websites from the command prompt, it means that your computer connectivity is fine.

    ·         What is the antivirus installed on your computer protection software?

    ·         Have you tried to browse by disabling the firewall?

    Try disabling the firewall on the computer and check if you are able to navigate.

    If this does not work, reset Internet Explorer settings and check if you can browse.

    To use the feature reset the settings of Internet Explorer in the Control Panel, follow these steps:

    1. exit all programs, including Internet Explorer (if it is running).

    2. If you are using Windows Vista, click Start, type the following command in the start search box and press ENTER:

    Inetcpl.cpl

    The Internet Options dialog box appears.

    3. click on the Advanced tab.

    4. Under Reset Internet Explorer settings, click Reset. Then click again on reset.

    5. when Internet Explorer has finished resetting the settings, click close in the reset Internet Explorer settings dialog.

    6. restart Internet Explorer.

    For you reference, you can visit the link for the following Article:
    http://support.Microsoft.com/kb/923737

    Thank you

    Irfan H, Engineer Support Microsoft Answers. Visit our Microsoft answers feedback Forum and let us know what you think.

  • Cannot access the network using WiFi hotspot

    I have a lenovo ideapad z570 running windows 7 ultimate, processor intel pentium cpu B950 @2.10 GHZ 2 GB ram and 64-bit operating system. My problem is that when I create a wifi hotspot via intel my wifi technology, I so can not access the network on my android phone or the playstation 3. There is a sign yellow triangle on the wireless icon and I have the cursor on it, she reads, access to the internet network, unidentified network no internet access. I tried to update all the drivers, I even reinstalled the operating system after a wipe, same result. I tried to use programs such as connectify but same result. Please help me

    Original title: network

    There is a sign yellow triangle on the wireless icon and I have the cursor on it, she reads, access to the internet network, unidentified network no internet access. I tried to update all the drivers, I even reinstalled the operating system after a wipe, same result. I tried to use programs such as connectify but same result. Please help me

    Hello

    You try to use the Add-hock network so that you can access ac in android are as good as play station unit
    Like you would have checked in the id network properties material and device id, it yellow list means problem with driver, please try to update the BIOS and the driver appropriate with the hardware ID, if possible to install from the laptop power management

    IdeaPad Z570.please press fn + f5 and check the layout state of WIFI is turned on, current state should off
    Download these drivers and install it, then try again
    http://download.Lenovo.com/userfiles/Driver/en/downloads%20and%20Drivers/Z570/Win7/IN1WLN90WW5.exe

    http://download.Lenovo.com/userfiles/Driver/en/downloads%20and%20Drivers/Z370Z470/IN8STW09WW5.exe
    http://download.Lenovo.com/userfiles/Driver/en/downloads%20and%20Drivers/Z570/Win7/IN1MEI08WW5.exe
    http://download.Lenovo.com/userfiles/Driver/en/downloads%20and%20Drivers/Z570/Win7/IN1CHP30WW5.exe

  • CANNOT ACCESS THE FILE USING UTL_FILE

    I created using mon_repertoire
    create or replace directory mon_repertoire as 'd:\try ';

    then I did
    GRANT read, write on DIRECTORY mon_repertoire TO scott;

    then I create a following procedure d...


    Create or replace procedure UTLTEST as
    utl_file.file_type F1.
    Start
    -Open a file in write mode
    F1: is utl_file.fopen('MY_DIR','newfile.txt','W');.
    -Write a line to a file
    UTL_FILE.put_line (f1, 1.) "This is a test of package UTL_FILE);
    UTL_FILE.put_line (f1 2), Oracle has added a new procedure in the package ');
    UTL_FILE.put_line (f1 3), Let's see together the procedure one ');
    -Closes a file
    UTL_FILE.fclose (F1);
    end;

    I got the following errors:


    ERROR on line 1:
    ORA-29283: invalid file operation
    ORA-06512: at "SYS." UTL_FILE", line 475
    ORA-29283: invalid file operation
    ORA-06512: at "SCOTT. UTLTEST', line 5
    ORA-06512: at line 1


    How can I do this task?

    Hello

    Create an inventory of items that points to a physical directory on the server.

    If the path to the physical directory in the db server is D:\applications

    Then,
    Simply create the directory as object

    CREATE or replace directory mon_repertoire is "D:\applications";

    Then try your coding plsql.

  • Cannot access the internet using a wireless connection via ATT Uverse using laptop computer with Windows XP

    My wireless Internet connection has stopped working when I converted to ATT DSL to ATT Uverse.  My laptop sees the network and says I'm connected with all the green "bars".  However, when I try to connect to the internet I have two things to happen.  Either I get a long period which ends with the message that I can't connect to the network.  Or - I can connect to the internet for a very short period of time - a part of a screen is displayed and then crashes.  I entered the codes of security several times to ensure accuracy.  How to solve this problem?

    Hello, I am an AT & T technician. It is a known problem with the NVG589, Microsoft Vista and XP.

    You can find more information, including possible workarounds for this problem here:

    http://www.att.com/eSupport/article.jsp?SID=KB92052&CV=820#fBid=6vEbMNmgXBq

    If anyone has additional information, I would certainly appreciate it. A tech, the fix for this issue is important.

  • Adobe Lightroom 2015.2.1 - cannot access the images using the import option "browse the computer."

    Hi all

    I just downloaded and installed Lightroom 2015.2.1. When I click "Import", I gives me a few options to choose from, one of them is "browse the computer." Choose this option by opening the folder that I need, there is no images displayed and the folder appears empty with a title "no element not corresponding to your search. This is true for ALL folders on my computer.

    What's weird, is that if I click on "selecting a folder" at the lower right part of the window, the pictures in this folder will BE imported even though when the folder is opened, they are not displayed. However, I want to select specific images and does not import the entire folder.

    What happens and how can I fix?

    I saw another thread with a few days of a person having the same problem, but without a fix.

    "Browse computer" only shows you the folders.

    Select a folder by clicking with the mouse, click the [Select Folder] button, then the import window will show the files in this folder, where you can select/Disable-preset images.

    The window shows "no found photos" If the folder is empty OR the images were previously imported.

  • Just upgraded to El Capitan and cannot access the calendar. It opens with a "Shift schedules to the server" message Can only Force Quit

    Just upgraded to El Capitan and cannot access the calendar. It opens with a message 'Moving calendars to the server.

    I cannot access all features and can be closed only by using force quit.

    Please stop calendar and also the application of reminders, runs. Force quit if necessary.

    Back up all data.

    If you synchronize some of your calendars, or reminders with iCloud, then in the iCloud preferences window, uncheck that marked calendars and reminders. You will be prompted to confirm that you want to remove your iCloud calendars and reminders of the computer. They will always be in iCloud. Re-check the boxes.

    If you synchronize agendas or reminders with another network such as Google service, please open the preferences panel Internet accounts. Make a note of the settings for calendar accounts, then delete and recreate.

    Launch schedule and see if there is an improvement.

  • "Windows cannot access the specified device, path or file" for each X 86 application on a Windows 2003 x 64 server

    Hello

    I have a Windows 2003 X 64 server and since a week ago everything works fine.

    For a week or two when I try to run an X 86 application, I always get this error:
    "Windows cannot access the specified device, path or file.
    If I run a x 64 apps everything works fine.
    What made a mistake?
    Thank you

    Hello

    Your question is more complex than what is generally answered in the Microsoft Answers forums. It is better suited for Windows Server on TechNet. Please post your question in the TechNet forums. You can follow the link to your question:

    http://social.technet.Microsoft.com/forums/en/category/WindowsServer/

  • Email connection problems: cannot access the requested url due to the system on that server error

    How can I get my email on when I get the above message

    Cannot access the url reqested due tosystem error on this server

    Apparently, there is a problem on the mail server. Contact technical support for your email provider. MS - MVP - Elephant Boy computers - don't panic!

  • a computer laptop, internet is accessible only if proxyserver offline, my office internet is accessible with the proxy server. without him we cannot access the internet.

    I am faced with a kind of strange and unusual error. in my office, the internet is accessible with the proxy server. without him we cannot access the internet. However, there is a laptop computer on which some time the internet is accessible only when I leave the proxyserver only on that machine... any idea?

    Hello

    Work on a domain environment?

    Changing the proxy settings is something that you usually only have to do if you connect to the Internet via a corporate network. By default, Internet Explorer automatically detects proxy settings. However, you may need to manually set a proxy with information supplied by your network administrator.

    If you are on a domain environment then please post the question on the link mentioned below using:
    http://social.technet.Microsoft.com/forums/en/w7itpronetworking/threads

  • Cannot access the server message coming up and cannot convert files

    Cannot access the server message coming up and can't convert the files. Works on my desktop, but not at home.

    ER

    Is it ExportPDF?

  • BI SampleAppFiles Server cannot access the correct file

    Hello experts,

    Part of my project is creation of KPIs for my clients. Before doing all this, I'm trying to create a KPI sample and see if it works well.   It is using 11g (1.1.7).

    Here's the problem: I created the sample KPI without problem; However, when I try to open the report I get an error that

    State: HY000. Code: 10058. [NQODBC] [SQL_STATE: HY000] [nQSError: 10058] A general error occurred. [nQSError: 43113] The message returned by OBIS. [nQSError: 64023] Cannot access the E:\BIHOME\instances\instance1\bifoundation\OracleBIServerComponent\coreapplication_obis1/sample/SampleAppFiles/Data/SAMP_REVENUE_A.xml: no such file or directory for table SAMP_REVENUE_A (HY000)

    The path is correct, except instead (E:\), it should be (C:\).  Does anyone know how to change this? Help, please.

    I don't have a 'E' drive in my system. This forum works on windows

    Help, please

    Hello

    In the sample OBIEE, you have a variable called BI_EE_HOME with this path

    To change this, open your SPR (online mode) and then change repository variable BI_EE_HOME

    We call this variable in your connection pool (you can change this path directly on the connection pool too)

    Felipe Idalgo

  • I cannot access the application "contact me" when a website, get error "Default Mail Client not properly installed."

    I cannot access the application 'contact me' when a web site and receive the answer "Default Mail Client not properly installed" instead of going on the requested site.

    How can I fix this problem?

    Separated from the:

    http://answers.Microsoft.com/en-us/IE/Forum/IE8-windows_other/IE8-default-mail-client-not-properly-installed/23c2a9e1-d1fa-4a50-aeb1-90a6f2af717f

    CrystalBall © SEZ...

    Unlike Windows XP & Vista, Windows 7 does not include a default email Client. [What were thinking?]

    You will need to install a (e.g. MS Outlook;) Windows Live Mail; Thunderbird) , and then set it as a default for mail in CUSTOM (<>) article in Set Program Access and defaults of the computer , then restart your computer before any function send to or MailTo will become available.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    In these forums, you will find support for Windows Live Mail: http://windowslivehelp.com/forums.aspx?productid=15

  • Receives the following message after opening a downloaded game: 'Windows cannot access the specified device, path or file. You can not have the appropriate permissions to access the item.

    Hello!
    So I'm at the end of my rope with this one... it lasts for months, and I keep revisitng every two weeks to try and fix that and every time to be completely frustrated.  I found this forum tonight, so here goes...

    We downloaded a few games on the HP Games Web site.  We download them and everything works fine.  Then, we will open the games and this pop up error message:
    "Windows cannot access the specified device, path or file.  You can not have the appropriate permissions to access the item.

    These games used to run fine, and I have no idea why they now have problems.  We have a Vista operating system, 1 account who is the administrator, the Parental control is disabled (or if we believe).

    If anyone can please help it would be much appreciated!  We have a monthly membership to this site of game and continue to accumulate credits, but may not use it.  It makes us crazy!

    Thank you in advance!

    Hello Heathie,

    Thank you for posting.  It seems that the program is no longer on your computer.  This can happen if the game files are deleted, but the game itself has not been uninstalled correctly.  I recommend you to download the game again to a location on your computer where you can easily find and install it.  This should fix the problem.

    Please let me know if this helps you.
    Zack
    Engineer Microsoft Support answers visit our Microsoft answers feedback Forum and let us know what you think.

  • Jpg file printing - windows cannot access the specified device, path, file

    Original title: I have a similar problem, I can open the jpg fine, I can't print it

    I have a similar problem, I open the jpg fine, I can't print it, permissions are fine. I get the same erorr-windows cannot access the specified device, path, file...

    Hi Janine.

    1. are you able to print documents?

    2. the problem occurs only with a particular image file?

    3. how the printer is connected to the computer?

    4. What is the brand and model of the computer and the printer?

    5. have you logged as administrator?

    Method 1:

    First of all, try to print a test page and check if it works:

    To print a test page

    http://www.Microsoft.com/resources/documentation/Windows/XP/all/proddocs/en-us/print_test_page.mspx?mfr=true

    Method 2:

    I suggest you check out the link to use the System File Checker tool (SFC) to troubleshoot missing or corrupted system files in Windows:

    Description of Windows XP and Windows Server 2003 System File Checker (Sfc.exe)

    Note: you must have the Windows XP disc to make the SFC scan.

    Method 3:

    I suggest you to turn off all third-party security software and the Windows Firewall and then try to print the file:

    How to change or remove a program in Windows XP

    http://support.Microsoft.com/kb/307895

    How can I turn on or turn off the firewall in Windows XP Service Pack 2 or later versions?

    http://support.Microsoft.com/kb/283673

    Note: run the computer without antivirus software or firewall is a potential threat to the computer; Be sure to activate security software after completing the troubleshooting steps and after identifying the problem.

    Let us know the results.

Maybe you are looking for