Unable to connect to natted public IP on same network behind pix

By mike.bullock
I have a situation that I would normally resolve by setting up fake internal DNS zones that resolve to the private IP, but in this case it isn't an option. So I need to know if it is possible (feasible or a bad idea) to connect to the natted public IP of a server from another system on its same network.

Here is a brief example:

Server nat to 66.xx.xx.70
port 80,443 exposed on fw

Admin workstation on same subnet

Cannot hit 66.xx.xx.70 from

Firewall logs show a built connection, but no traffic ever flows.

Any suggestions would be appreciated.


All Answers

Have you tried

by cmiller5400 In reply to Unable to connect to natt ...

Have you tried sniffing the traffic to see where it is failing? Wireshark is a good one if you don't have a sniffer.

No but...

by mike.bullock In reply to Have you tried

It seems to be an implementation issue with the pix firewall because all of the numerous systems on that network exhibit the same behaviour as my previous example.

I guess my question remains: can it be done? I just haven't seen a post out there that mirrors the situation, but I'm sure someone has run into it.
