- Gold, 750 points or more
The VPN Client's Domain Name System (DNS) server is also on the inside, and it is returns the global (translated) IP address of the web server.
If the VPN Client, web server and DNS server are all located off the same interface on the PIX Firewall, then the PIX cannot doctor the DNS replies with the alias command because the replies do not pass through the PIX. The only solution is for the internal DNS server to respond to requests for the web server's name with the real IP address.
For more information, refer to Using nat, global, static, conduit, and access-list Commands and Port Redirection on PIX.