Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Alias command seems to prevent access

Hello,

I have a PIX 515E with 3 interfaces running v6.2(2). On the DMZ interface, I'm running a webserver with a private IP. Using the static command, I have a public IP mapped to the web server for port 80 and port 22 on the external interface. To allow internal hosts access to this server, I setup an alias that redirects all resolution of the public IP to the web server's private IP. This works fine for web browsing, but this web server also serves a second function. I also use it as an alternative VPN by using SSH port-forwarding. When I connect to the server via SSH (from outside of the network) prior to the addition of the alias command, I had no problems with port-forwarding. Once the alias command was set, it stopped working.

From the internal network, I'm also unable to SSH to the web server's private IP any more (I have to access it through its public IP), even though I was able to prior to the alias command being in place.

I thought the alias command was only suppose to affect requests directed to the public IP of the server. Can anyone tell me why I'm running into this issue, and what would be some ways to get around the problem? Thanks in advance!

--Andy

3 REPLIES
New Member

Re: Alias command seems to prevent access

Hi Andy,

Is your ISP hosting your domain name for you, or do you have an internal DNS server?

New Member

Re: Alias command seems to prevent access

Hi Andy,

The alias cmd would redirect all requests to your web server internal IP to the public IP. The DNS replies on the other hand, would be doctored by the PIX, so that the DNS reply to the inside clients would be changed to the web server internal IP. Is your domain name hosted by your ISP or do you have a DNS server? I was thinking maybe by using names instead of IP addresses would resolve your problem.

New Member

Re: Alias command seems to prevent access

Thanks for the suggestion Matthew. I solved the problem by creating a virtual interface on the server, and directing the alias command to that. This allowed the normal interface IP to be accessed normally.

93
Views
0
Helpful
3
Replies
CreatePlease to create content