PIX - Alias - Outside NAT

Discussion in 'Cisco' started by gencode, Mar 17, 2006.

  1. gencode

    gencode Guest

    I have an internal web server that has an external web address
    64.x.x.x

    My problem is when I try to access it via the web browser it can't
    find it

    When I change my url in my host file to
    10.x.x.x

    It works fine

    I found that the Alias command should work, but messes up the PDM and
    says not supported

    So I think I need to use the
    Outside NAT

    I am not really sure how to do this, and when I tried it did not seem
    to work, can someone help me out with this command.

    My initial thought was either

    static 10.x.x.x 64.x.x.x netmask 255.255.255.255
    or
    static 64.x.x.x 10.x.x.x netmask 255.255.255.255


    But it did not seem to work.

    When I tried the
    alias 10.x.x.x 64.x.x.x 255.255.255.255

    and I pinged <myurl.com> internally it did redirect and resolve to
    10.x.x.x but got timeouts

    So am I missing something in the access list or something, maybe an
    access rule?

    I'd rather not use the alias if possible...if someone could list the
    commands that I need to put in that would be wonderful

    Thanks, Ed,
    gencode, Mar 17, 2006
    #1

  2. gencode wrote:
    >I have an internal web server that has an external web address
    >64.x.x.x


    >My problem is when I try to access it via the web browser it can't
    >find it


    >When I change my url in my host file to
    >10.x.x.x


    >It works fine


    That suggests to me that you are trying to access it from -inside-
    the firewall ?


    >I found that the Alias command should work, but messes up the PDM and
    >says not supported


    >So I think I need to use the
    >Outside NAT


    NO to 'alias' and NO to 'outside nat'.


    >So am I missing something in the access list or something, maybe an
    >access rule?


    No, you are just trying to get the PIX to do something it
    cannot do.


    >I'd rather not use the alias if possible...if someone could list the
    >commands that I need to put in that would be wonderful


    Would I be correct in my guess that you have an internal DNS
    server? If so, then change the DNS server to use the *internal*
    IP address for the host, and then on the 'static' command that
    maps between the 64.* address and the 10.* address, add the
    keyword 'dns'. Adding that keyword will cause the PIX dns "fixup"
    to notice the 10.* address appearing in outgoing DNS packets,
    and to alter it to the 64.* address. In this way, the internal
    hosts get the internal address because they do not go through
    the PIX, and the external hosts get the external address because
    the PIX changes the internal to external when the DNS packet goes out.

    If your DNS server is external, then the solution is still to
    add the 'dns' keyword to the 'static' command: when you do that,
    the PIX will notice the 64.* address in the -incoming- DNS
    packets, and will alter it to the 10.* address that your internal
    hosts need to know.
    Walter Roberson, Mar 18, 2006
    #2
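
The two cases described in the reply above (internal DNS server, external DNS server), modelled as an added example that is not part of the original thread and is not Cisco's implementation. It rewrites only A records in the answer section of a DNS reply; the addresses, hostname and function names are constructed stand-ins for the thread's elided 64.x.x.x and 10.x.x.x.

```python
import ipaddress
import struct

# Constructed addresses standing in for the thread's elided 64.x.x.x / 10.x.x.x.
GLOBAL_IP = ipaddress.IPv4Address("192.0.2.10")  # public (mapped) address
LOCAL_IP = ipaddress.IPv4Address("10.0.0.10")    # real inside address

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # compression pointer: 2 bytes, ends the name
            return off + 2
        if length == 0:             # root label ends the name
            return off + 1
        off += 1 + length

def rewrite_a_records(msg, old, new):
    """Replace address `old` with `new` in every A record of the answer section."""
    out = bytearray(msg)
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    off = 12                                    # fixed DNS header length
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4           # skip QTYPE + QCLASS
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4 and msg[off:off + 4] == old.packed:
            out[off:off + 4] = new.packed       # same length, so no offsets shift
        off += rdlen
    return bytes(out)

def build_reply(name, addr):
    """Constructed sample: minimal DNS reply with one question and one A answer."""
    qname = b"".join(bytes([len(lab)]) + lab.encode() for lab in name.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    question = qname + struct.pack("!HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + addr.packed
    return header + question + answer

def answer_ip(msg):
    """The constructed reply ends with the 4-byte A record address."""
    return ipaddress.IPv4Address(msg[-4:])
```

Internal DNS server case: `rewrite_a_records(reply, LOCAL_IP, GLOBAL_IP)` on the outgoing reply. External DNS server case: `rewrite_a_records(reply, GLOBAL_IP, LOCAL_IP)` on the incoming reply.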

  3. gencode

    gencode Guest

    Thanks, well I am a .NET developer and not too sure of myself on
    working and the commands

    For both these scenarios would the new command be

    static dns 63.* 172.* netmask 255.255.255.255
    gencode, Mar 18, 2006
    #3