PIX Question about NAT

 
 
Joe Hayes
      01-15-2005
I've got an SMTP virus-filtering gateway sitting on my DMZ with a private
address of 192.168.x.y. The public address is 12.a.b.c. From the gateway
itself, I need to originate an SMTP connection out to the public address so
mail can come back in and be forwarded correctly. This is because the DNS
on our DMZ returns an MX record with the public address for our domain rather
than the private address. Normally outgoing traffic from the DMZ to the
public network works without any problem, but I can't seem to connect to the
server's public address from the server itself. Any help would be
appreciated.


 
Walter Roberson
      01-15-2005
In article <U51Gd.91058$Ix2.50474@okepread02>,
Joe Hayes <(E-Mail Removed)> wrote:
:I've got an SMTP virus-filtering gateway sitting on my DMZ with a private
:address of 192.168.x.y. The public address is 12.a.b.c. From the gateway
:itself, I need to originate an SMTP connection out to the public address so
:mail can come back in and be forwarded correctly. This is because the DNS
:on our DMZ returns an MX record with the public address for our domain rather
:than the private address. Normally outgoing traffic from the DMZ to the
:public network works without any problem, but I can't seem to connect to the
:server's public address from the server itself. Any help would be
:appreciated.

You have three or more choices:

1) Change the DNS server to return the private IP address for the
MX record and add the 'dns' keyword to the 'static' statements.
The DNS server will return the private IP, but the PIX will
modify the DNS response to contain the public IP when the DNS record
goes outside.

2) Change the DNS server to implement 'split views', so that the
DNS server recognizes whether the query is from inside or outside
and returns different results in the two cases.

3) Have the DMZ hosts use a DNS server which resides outside,
have the DNS server return the public IPs, and use the 'dns' keyword
on the 'static' statements; this will cause the PIX to modify
the DNS response from outside to contain the private IP when the DNS
record comes inside.


All in all, you might find option #1 to be the easiest to implement.
--
*We* are now the times. -- Wim Wenders (WoD)
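
A simplified model of the DNS reply rewrite that the 'dns' keyword is described as performing in options 1 and 3 above, added here as an example; it is not part of the original posts and is not PIX code. The interface names, the `Static` class and the addresses (stand-ins for 192.168.x.y and 12.a.b.c) are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Static:
    """Hypothetical model of one 'static' translation (not real PIX code)."""
    real_ifc: str      # interface the host really sits on, e.g. "dmz"
    mapped_ifc: str    # interface where the translated address is visible
    mapped_ip: str     # public (translated) address
    real_ip: str       # private (real) address
    dns: bool = False  # True when the statement carries the 'dns' keyword

def rewrite_a_records(answers, from_ifc, to_ifc, statics):
    """Addresses in a DNS reply after it crosses from from_ifc to to_ifc."""
    out = []
    for addr in answers:
        for s in statics:
            if not s.dns:
                continue  # no 'dns' keyword: the reply is passed through as-is
            if (from_ifc, to_ifc) == (s.real_ifc, s.mapped_ifc) and addr == s.real_ip:
                addr = s.mapped_ip  # reply going outside: private -> public
                break
            if (from_ifc, to_ifc) == (s.mapped_ifc, s.real_ifc) and addr == s.mapped_ip:
                addr = s.real_ip    # reply coming inside: public -> private
                break
        out.append(addr)
    return out

# Constructed sample addresses (documentation ranges for the public side).
PRIVATE = "192.168.1.25"   # stands in for 192.168.x.y
PUBLIC = "203.0.113.25"    # stands in for 12.a.b.c
OTHER = "198.51.100.7"     # unrelated host with no static translation

def scenarios():
    with_dns = [Static("dmz", "outside", PUBLIC, PRIVATE, dns=True)]
    without = [Static("dmz", "outside", PUBLIC, PRIVATE, dns=False)]
    return {
        # Option 1: DMZ DNS server answers with the private IP. DMZ clients
        # never cross the firewall; outside clients see the rewritten reply.
        "option1_outside_client": rewrite_a_records([PRIVATE], "dmz", "outside", with_dns),
        # Option 3: outside DNS server answers with public IPs; the reply is
        # rewritten on its way in, and unrelated addresses are left alone.
        "option3_dmz_client": rewrite_a_records([PUBLIC, OTHER], "outside", "dmz", with_dns),
        # Without the keyword the DMZ host still receives the public address,
        # which is the situation described in the question.
        "no_dns_keyword": rewrite_a_records([PUBLIC], "outside", "dmz", without),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```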
 