Currently I have a DNS server running behind a PIX 501. I can ping the server's external IP and everything. My question is: do I have to NAT the local IP of the DNS server to the static external IP for DNS to work? I am trying to set this up for external webhosting use.
Hi .. if you are providing DNS resolution on your DNS server for requests coming from the Internet .. yes, you need to create a static NAT or port forwarding (if you only have one public IP address used by the firewall). And also you need to allow that access in the access list applied to the outside interface, i.e.
Port forwarding using the external IP of the firewall:
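The two options named in the reply above, written out as an added example in PIX 6.x syntax; this is not configuration from the original post. The addresses 192.168.1.10 (DNS server) and 203.0.113.35 (spare public IP) and the ACL name `outside_in` are constructed placeholders. Use one option, not both.

```text
: Option A - dedicated public IP, one-to-one static NAT.
: The static translates every port, so the ACL is the only thing
: limiting exposure: permit port 53 only, never "ip any".
static (inside,outside) 203.0.113.35 192.168.1.10 netmask 255.255.255.255
access-list outside_in permit udp any host 203.0.113.35 eq domain
access-list outside_in permit tcp any host 203.0.113.35 eq domain

: Option B - only one public IP, shared with the firewall itself.
: Forward just port 53 on the outside interface address.
: DNS uses TCP 53 as well as UDP 53 (large answers, zone transfers).
static (inside,outside) udp interface domain 192.168.1.10 domain netmask 255.255.255.255
static (inside,outside) tcp interface domain 192.168.1.10 domain netmask 255.255.255.255
access-list outside_in permit udp any interface outside eq domain
access-list outside_in permit tcp any interface outside eq domain

: Either option: bind the ACL to inbound traffic on the outside interface.
access-group outside_in in interface outside
```

After applying either option, `show xlate` and `show access-list outside_in` on the PIX show whether the translation exists and whether the permit lines are taking hits.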
Hi .. First of all you need to make sure that the IP addresses (firewall and DNS server) don't overlap .. meaning they belong to two separate segments. The static NAT part (as you mentioned), from the configuration point of view, will be OK. HOWEVER, the firewall needs to know the next hop to 74.X.X.35, as it only knows the directly connected networks by default. In which case you will need another device behind the firewall, such as a router, for this purpose. What you are trying to achieve requires a firewall with at least 3 interfaces and/or that supports VLANs. Unfortunately the 501 limits the creation to two segments only (inside and outside). Alternatively you can have two 501s and create a DMZ segment between the two.
Internet ->PublicFirewall<-DMZ segment-> PrivateFirewall-> Inside Network