Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Replacing Alias Statements

Greetings,

I have a PIX515 with 6.3(5). I am trying to convert some Alias Statements, original input by a former employee, and need some guidance to convert to Static Statements.

Here are a couple:

alias (inside) 10.xxx.xx.x 2xx.2xx.xx.xx 255.255.255.255

alias (inside) 2xx.2xx.xx.x 172.xxx.xxx.x 255.255.255.255

alias (dmz) 172.xxx.xxx.x 2xx.2xx.xxx.xx 255.255.255.255

Is this the proper syntax for the corresponding statements above?:

Static (inside,outside)2xx.2xx.xx.xx 10.100.xx.x netmask 255.255.255.255 0 0

Static (inside,outside)https 172.xxx.xxx.x tcp 2xx.2xx.xx.x netmask 255.255.255.255 0 0

static (dmz,outside) tcp 2xx.2xx.xx.xx https 172.xx.xx.x https netmask 255.255.255.255 0 0

5 REPLIES
Bronze

Re: Replacing Alias Statements

Hello,

You can't really tell from the alias statements where those networks are.

I'm assuming that the 10.x network is on the inside interface, the 172.x network is on the dmz. is the 2xx on the outside?

--Jason

New Member

Re: Replacing Alias Statements

Jason,

Yes the 10.x network is on the inside, the 172.x is in the DMZ, and the 2xx. is the outside.

Robert

Bronze

Re: Replacing Alias Statements

Ok,

Assuming these alias statements are correct:

-------------------

alias (inside) 10.xxx.xx.x 2xx.2xx.xx.xx 255.255.255.255

should be

static (inside,outside)2xx.2xx.xx.xx 10.xxx.xx.x netmask 255.255.255.255

-------------------

-------------------

alias (inside) 2xx.2xx.xx.x 172.xxx.xxx.x 255.255.255.255

This one is interesting. 2xx.2xx.xx.x is not an inside IP address. if we went strictly by the alias syntax it would be:

static (inside, dmz) 172.xxx.xxx.x 2xx.2xx.xx.x netmask 255.255.255.255

the other possibility is that the DMZ address is the real address and it's mapped to the inside as the 2xx.

Though the 2xx.xxx address isn't on the inside interface. You might want to keep an eye on this one.

the other possibility is that the DMZ address is the real address and it's mapped to the inside as the 2xx.

so it would be

static (dmz,inside) 2xx.2xx.xx.x 172.xxx.xxx.x netmask 255.255.255.255

So anyone initiating to that external address would go to the dmz.

---------------------

---------------------

alias (dmz) 172.xxx.xxx.x 2xx.2xx.xxx.xx 255.255.255.255

should be

static (dmz,outside) 2xx.2xx.xxx.xx 172.xxx.xxx.x netmask 255.255.255.255

---------------------

New Member

Re: Replacing Alias Statements

Jason,

This was very helpful. Thanks.

Robert

Bronze

Re: Replacing Alias Statements

Don't forget to rate if it works. :)

--jason

209
Views
0
Helpful
5
Replies
CreatePlease login to create content