Issue with Static

aalshammari · ‎03-22-2007

Dears,

We have web server in DMZ zone of PIX, static statement from outside,DMZ has been added to publish the server to the internet, the site is accessible over the internet without any issues.

The issue is when any user from inside the network tries to access the site domain name with pointed to the site public IP, their traffic will go from inside interface of PIX to outside going to the ISP and then back to the user .

As you have notice the traffic flow is quite long. How we can configure the PIX to pass the traffic directly to the server which in DMZ zone without needs of going to the internet???

Current IOS version is 6.3

Many thanks for your help.

rmeans · ‎03-22-2007

Have you looked at adding the dns statement in your static statement?

static (dmz,outside) public_ip private_ip netmask 255.255.255.255 dns

You could also use the alias command. You should know that the alias command will be going away in future releases (7.x).

aalshammari · ‎03-22-2007

Hi rmeans

Thanks for your replay.

No I haven't , would you please clarify more what will happen if I add DNS keywork in static statement.

acomiskey · ‎03-22-2007

That will do dns rewrite, the pix will actually change the dns request from public to private ip. You have a few options, use an inside dns server, edit pc's host file, dns rewrite, or alias/bidirectional-nat. This link will explain what you need.

http://blogs.interfacett.com/mike-storm/2006/6/29/bidirectional-nat-on-a-cisco-pix-or-asa.html