Tuesday, January 29, 2019

Need help with Palo Alto: using HTTPS on internal and external web-server access.

I'm working on configuring our internal web server 192.x.x.x and our public IP 202.x.x.x with FQDN abc.com to be accessible both internally and externally.

So far, I have successfully set up NAT and security rules that now allow internal users to access 192.x.x.x and external users to access 202.x.x.x and abc.com. I believe that configuring a bi-directional NAT is what made it work: source is 192.x.x.x, destination any, with a static source translation to 202.x.x.x and bi-directional set to yes.

But the issue I am now facing is that internal users can't access abc.com internally. What I have done is set up a U-turn NAT whose destination address is abc.com, with a destination translation address of 192.x.x.x and a source translation of dynamic IP and port (LAN interface), and the LAN subnet 192.x.x.x/24.

In my mind, this U-turn NAT will direct any source with a destination of abc.com to be translated to 192.x.x.x, hence it is now able to access the web server internally. What I'm wondering is: with this U-turn NAT configuration, should I still retain the bi-directional NAT, or are both NAT rules needed and doing different things? I'm confused.

Also, the site is only accessible via HTTP and not HTTPS, even though both port 80 and port 443 are allowed in the security rules. Will the Palo Alto (PA-500) be responsible for SSL encryption to the site on 202.x.x.x abc.com?

I'll be thankful for any input regarding this.
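The two NAT rules in the post do different jobs, and a small model makes that visible. The following is an added example, not the author's configuration and not PAN-OS code: it models a zone-based NAT rulebase the way such firewalls evaluate it (pre-NAT zones, destination zone found by a route lookup on the original destination, first matching rule wins) and adds a return-path check for the hairpin case, where client and server sit on the same LAN subnet. The topology, rule names, and addresses (RFC 5737 documentation ranges standing in for the post's 192.x.x.x and 202.x.x.x) are constructed, and the zones assigned to the implicit reverse rule of a bi-directional static NAT are this model's assumption.

```python
"""Simplified model of zone-based NAT rule lookup plus a return-path check.
Added example; not PAN-OS code. Addresses are RFC 5737 documentation ranges
standing in for the post's 192.x.x.x / 202.x.x.x (constructed values)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

IP, NET = ipaddress.ip_address, ipaddress.ip_network

# Constructed topology (assumption, not from the post).
SERVER_PRIVATE = IP("192.168.10.10")   # the post's 192.x.x.x web server
SERVER_PUBLIC = IP("203.0.113.10")     # the post's 202.x.x.x / abc.com
LAN_SUBNET = NET("192.168.10.0/24")
LAN_IF_IP = IP("192.168.10.1")         # firewall's LAN interface address

# Routing table as (prefix, egress zone); the default route leaves via untrust.
ROUTES = [(LAN_SUBNET, "trust"), (NET("0.0.0.0/0"), "untrust")]


def zone_for(addr: ipaddress.IPv4Address) -> str:
    """Zone of an address by longest-prefix match over ROUTES."""
    hits = [r for r in ROUTES if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen)[1]


@dataclass
class NatRule:
    name: str
    from_zone: str                          # "any" or a zone name
    to_zone: str
    src: Optional[ipaddress.IPv4Network]    # None means any
    dst: Optional[ipaddress.IPv4Network]
    src_xlate: Optional[ipaddress.IPv4Address] = None
    dst_xlate: Optional[ipaddress.IPv4Address] = None
    bidirectional: bool = False

    def matches(self, src, dst, from_zone, to_zone) -> bool:
        return (self.from_zone in ("any", from_zone)
                and self.to_zone in ("any", to_zone)
                and (self.src is None or src in self.src)
                and (self.dst is None or dst in self.dst))


def expand(rules):
    """A static bi-directional source NAT rule also yields an implicit reverse
    destination-NAT rule (public -> private). Its zones are modeled here as
    any -> the original rule's to-zone; that is this model's assumption."""
    out = []
    for r in rules:
        out.append(r)
        if r.bidirectional:
            out.append(NatRule(r.name + "-reverse", "any", r.to_zone,
                               None, NET(str(r.src_xlate)),
                               dst_xlate=r.src.network_address))
    return out


def translate(rules, src, dst):
    """First matching rule wins; returns (rule name, post-NAT src, post-NAT dst).
    Zones are looked up on the ORIGINAL (pre-NAT) addresses."""
    from_zone, to_zone = zone_for(src), zone_for(dst)
    for r in expand(rules):
        if r.matches(src, dst, from_zone, to_zone):
            return (r.name,
                    src if r.src_xlate is None else r.src_xlate,
                    dst if r.dst_xlate is None else r.dst_xlate)
    return None, src, dst


def reply_returns_via_firewall(post_nat_src) -> bool:
    """The server answers the post-NAT source. If that address is on the
    server's own subnet and is not the firewall, the reply goes straight over
    the LAN and the firewall never sees it (asymmetric path, handshake fails)."""
    return post_nat_src == LAN_IF_IP or post_nat_src not in LAN_SUBNET


def connect(rules, client, dst=SERVER_PUBLIC) -> dict:
    """Would a TCP connection from client to the public address succeed?"""
    name, s, d = translate(rules, client, dst)
    ok = d == SERVER_PRIVATE and reply_returns_via_firewall(s)
    return {"rule": name, "src": str(s), "dst": str(d), "ok": ok}


# The two rules from the post (constructed values). First match wins, so the
# more specific U-turn rule is listed above the bi-directional static rule.
STATIC_BIDIR = NatRule("web-static", "trust", "untrust",
                       NET("192.168.10.10/32"), None,
                       src_xlate=SERVER_PUBLIC, bidirectional=True)
UTURN = NatRule("web-uturn", "trust", "untrust", LAN_SUBNET,
                NET("203.0.113.10/32"),
                src_xlate=LAN_IF_IP, dst_xlate=SERVER_PRIVATE)
RULEBASE = [UTURN, STATIC_BIDIR]

if __name__ == "__main__":
    print(connect(RULEBASE, IP("198.51.100.7")))         # external client: ok
    print(connect([STATIC_BIDIR], IP("192.168.10.50")))  # internal, no U-turn: fails
    print(connect(RULEBASE, IP("192.168.10.50")))        # internal with U-turn: ok
```

Running it shows why both rules stay: the bi-directional rule carries the server's outbound traffic and, through its reverse half, the external clients; the U-turn rule is what an internal client hitting the public address needs, and its source translation to the LAN interface is what keeps the server's replies flowing back through the firewall instead of directly across the subnet. The model ignores ports, as a NAT rule with service any does, so a failure that appears only on 443 is not explained by the NAT match itself.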
