Hi you guys,
We are currently in the process of replacing our firewall with a Cisco PIX 515. I've set it up in a testing environment in order to make a replica of the network so I can test everything. The way the network is set up right now, we use NAT to translate the internet IPs to the internal ones (i.e. IP 18.104.22.168 gets translated to 172.25.0.12) for the websites hosted on the network.
On the PIX firewall I've tried to recreate the same situation. It all works like a charm except for one thing. We are using a logfile analyzer which uses the logfiles to create reports and it also checks the corresponding page titles by HTTP to make the reports prettier and easier to understand.
Thus far I've been unable to get this working with the PIX firewall. I think it is related to the fact that it queries the nameserver to get the IP of the website (which will return the internet IP of the site) and then tries to connect to it through the gateway (which is the PIX firewall) since the IP isn't in the local network. I guess the PIX does not know what to do with this or can't 'redirect' the request to the appropriate internal IP.
The PIX setup is very basic. I'm using static IP mappings and created filters to allow HTTP traffic to the webservers. All traffic is allowed from the internal interface to external (for now ;-)
Is there any way to make this work the way it does in the old environment? Or is there something I overlooked that needs to be configured?
Thanks in advance,