d-nat

ejaj
Level 1

I am using a PIX 515 with four DMZ, inside and outside interfaces. These interfaces are in the following order:

inside | dmz1 | dmz2 | dmz3 | dmz4 | outside

Access to the web server at dmz1 has to be given from dmz2 and the outside interface by URL name. The DNS server is put at dmz4. The static and conduit pair from outside is working OK. However, the same thing replicated for dmz2 is not giving the desired results.

I am using private IP and doing NAT at dmz1, dmz2 and dmz3 only.

The static and conduit pair is as follows:

static(dmz1,dmz2) <dmz2_ip> <dmz1_ip>

conduit permit tcp host <dmz2_ip> eq www any

With this configuration, what more do I have to do if I need to access the web by URL?

---ejaj

7 Replies 7

yusuff
Cisco Employee

You need to use the alias command as explained at the following URL:

http://www.cisco.com/warp/customer/110/alias.html#dmz

HTH

R/Yusuf

ejaj
Level 1

Dear Yusuf

I did, but it was not successful. Here is the entry which I put:

alias(dmz2)

Even reversing the order of the IPs didn't work.

yusuff
Cisco Employee

Try using the alias command for dmz1, where the web server is located?

The interface in the alias command should be the "interface" that the clients are calling from.

R/Yusuf

The web server is at dmz1 and the DNS server is at dmz4.

---ejaj

yusuff
Cisco Employee

You need to use multiple alias commands for where the clients are coming from, i.e. to browse the web which is at dmz1.

For example:

alias (inside)

alias (dmz1)

alias (dmz2)

R/Yusuf

Thank you Yusuf, but I am still not clear which IP I have to put in which alias and in which order. My doubt is exactly this one.

ejaj
Level 1

Dear Yusuf

Please help me with doing the alias. I am not able to do it. My exact doubt is which IP will come first at alias(dmz1). I did alias(inside) and alias(dmz2) correctly.

I have used alias(dmz1,dmz2)

This didn't work. Even when I reversed the order of dmz1_ip and dmz2_ip, it didn't work.

---ejaj
