Issue with Static

Mar 22nd, 2007

Dears,


We have a web server in the DMZ zone of the PIX. A static statement from outside, DMZ has been added to publish the server to the internet, and the site is accessible over the internet without any issues.


The issue is that when any user from inside the network tries to access the site's domain name, which points to the site's public IP, their traffic will go from the inside interface of the PIX to the outside, going to the ISP and then back to the user.


As you have noticed, the traffic flow is quite long. How can we configure the PIX to pass the traffic directly to the server, which is in the DMZ zone, without needing to go to the internet?


Current IOS version is 6.3


Many thanks for your help.

rmeans Thu, 03/22/2007 - 05:59

Have you looked at adding the dns statement in your static statement?


static (dmz,outside) public_ip private_ip netmask 255.255.255.255 dns


You could also use the alias command. You should know that the alias command will be going away in future releases (7.x).

aalshammari Thu, 03/22/2007 - 06:17

Hi rmeans


Thanks for your reply.


No, I haven't. Would you please clarify more what will happen if I add the DNS keyword in the static statement?


acomiskey Thu, 03/22/2007 - 06:20

That will do DNS rewrite; the PIX will actually change the DNS request from public to private IP. You have a few options: use an inside DNS server, edit the PC's host file, DNS rewrite, or alias/bidirectional-nat. This link will explain what you need.


http://blogs.interfacett.com/mike-storm/2006/6/29/bidirectional-nat-on-a-cisco-pix-or-asa.html
