I am working to convert a 6.3(1) config from conduit to ACL so I can upgrade the code. Output interpreter will not offer conversion suggestions because of an alias command in the config.
Situation: Static inbound nat from outside to dmz with destination nat for inside hosts to dmz
Inside hosts need to communicate with the public (outside) address of the DMZ server. We ARE NOT using DNS doctoring and cannot. This is a VoIP application, the VoIP hosts do not rely on hostnames. A working scenario is an ip phone that communicates with a VoIP gateway server in the DMZ, where the user carries the phone with them while travelling, but also uses it in the office on the inside network.
All Cisco docs that I find relate to using the dns command in the nat statements. The only other doc I find references the alias command and does not offer NAT alternatives.
This is a working config, but IP's are ficticious. Conduits and access lists are excluded.
DMZ Host: 192.168.5.5
alias (inside) 22.214.171.124 192.168.5.5 255.255.255.255
Note how the interface names (dmz,inside) are the wrong way around from a "normal" static. This command says that if you see a packet on the inside interface destined for 126.96.36.199, change the destination to 192.168.5.5 and send it out the dmz interface. Hence "destination NAT'ing", not DNS Doctoring.
Note the above static only handles the traffic coming from the inside interface to the DMZ server, you still need your original static that you've shown in your original post to handle traffic from the outside to the dmz.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :