I have a web server on the inside interface of the PIX version 6.1 Firewall. It is mapped to an outside public address. I want my inside users to be able to access this server by its DNS name or outside address. How can this be done?
You have to use the alias command mapping the public IP address to the private one so when the resolution with your DNS server takes place it will strip the public IP address request from the DNS records and replace it with the resolution to the private (internal) IP address and resolve correctly.
Thanks for your reply. My problem is that my DNS server is on the inside as well as the web server. My understanding is that the alias command would only work if my DNS server is on the outside. Is there anything else I can do to get around this problem?
Do DNS doctoring instead. In DNS doctoring the PIX "changes" the DNS response from the DNS server to be a different IP address than the DNS server actually answered for the given name. This is used when you want the actual application call from the internal client to connect to the internal server by its internal IP address.
Example (notice in this case the public IP and private IP are switched from my previous suggestion):
alias (inside) 10.10.10.10 18.104.22.168 255.255.255.255
This command sets up DNS doctoring. It is initiated from the clients in the "inside" network. It watches for DNS replies that contain 22.214.171.124, then replaces the 126.96.36.199 address with the 10.10.10.10 address in the "DNS Reply" sent to the client PC.
Make sure you have your static routes already set or it will not work.
Does this work, though, when my DNS server is on the inside of the PIX? I have tried doing it and it doesn't seem to work. I have seen documentation that suggests this doesn't work if the DNS server is on the inside.