Cisco Support Community
Community Member

Alternate for alias command in PIX

Hi all,

Is there any alternative command for the alias command (PIX Version 6.3) with which the destination address can be NATed? PDM doesn't work because this command is not supported.

2 REPLIES
Cisco Employee

Re: Alternate for alias command in PIX

You can use the Destination-NAT static feature in 6.3 to do this.

Let's say you have a user on the inside that connects to a host at 1.1.1.1 on a DMZ interface. The inside user actually connects to 10.1.1.1 because that's what his DNS query returns, but you need to change that to 1.1.1.1 as it goes through the PIX.

The command you need is as follows:

static (dmz,inside) 10.1.1.1 1.1.1.1 netmask 255.255.255.255

Note how the interface names are swapped around from a "normal" static. The above command says that if the PIX sees a packet on the inside interface destined to 10.1.1.1, send it out the dmz interface destined to 1.1.1.1.
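The translation described in the reply above can be modelled in a few lines. This is an added example, not part of the original reply and not Cisco code: the function names and the inside host address 192.168.1.50 are assumptions made for illustration, and the model covers only the address rewrite (no ACLs, routing, or connection state). It also generalizes to network statics with a wider netmask.

```python
import ipaddress
import re

# static (real_if,mapped_if) mapped_ip real_ip netmask mask
STATIC_RE = re.compile(
    r"static\s*\(\s*(\w+)\s*,\s*(\w+)\s*\)\s+(\S+)\s+(\S+)\s+netmask\s+(\S+)")

def parse_static(line):
    """Parse one static command into interfaces and mapped/real networks."""
    m = STATIC_RE.fullmatch(line.strip())
    if not m:
        raise ValueError(f"not a static command: {line!r}")
    real_if, mapped_if, mapped, real, mask = m.groups()
    return {
        "real_if": real_if, "mapped_if": mapped_if,
        # ip_network() rejects an address with host bits set for the mask
        "mapped": ipaddress.ip_network(f"{mapped}/{mask}"),
        "real": ipaddress.ip_network(f"{real}/{mask}"),
    }

def _rebase(addr, src_net, dst_net):
    # Keep the host offset, swap the network part.
    return dst_net.network_address + (int(addr) - int(src_net.network_address))

def translate(rule, in_if, src, dst):
    """Return (out_if, src, dst) after the rewrite, or None if the rule does not match."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Packet arriving on the mapped interface: destination is rewritten.
    if in_if == rule["mapped_if"] and dst in rule["mapped"]:
        return rule["real_if"], str(src), str(_rebase(dst, rule["mapped"], rule["real"]))
    # Packet from the real host on the real interface: source is rewritten.
    # Simplification: the egress interface is assumed to be the mapped one.
    if in_if == rule["real_if"] and src in rule["real"]:
        return rule["mapped_if"], str(_rebase(src, rule["real"], rule["mapped"])), str(dst)
    return None

if __name__ == "__main__":
    rule = parse_static("static (dmz,inside) 10.1.1.1 1.1.1.1 netmask 255.255.255.255")
    # Constructed sample packets: (ingress interface, source, destination)
    for pkt in [("inside", "192.168.1.50", "10.1.1.1"),
                ("dmz", "1.1.1.1", "192.168.1.50"),
                ("inside", "192.168.1.50", "10.1.1.2")]:
        print(pkt, "->", translate(rule, *pkt))
```
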

Community Member

Re: Alternate for alias command in PIX

Say I have two inside interfaces and an outside interface:

DMZ_a host 10.1.1.10

DMZ_b host 10.1.2.10

public address for DMZ_b host is 10.1.0.10

If I want DMZ_a host to hit the public address for DMZ_b host, how would I set this up? Would it be like this:

static(DMZ_b,DMZa) 10.0.1.10 10.1.2.10 netmask 255.255.255.255

TIA
