Cisco Support Community
New Member

DNS doctoring and DNAT in the same PIX not work

Hi All,

On the PIX, according to Cisco's document, when using the alias command for DNS doctoring, sysopt noproxyarp is needed. But after I enter the command, DNAT does not work, even though I have tried to use a static ARP record. Has anybody had this experience?

Thank You!

Best Regards

Teru Lei

4 REPLIES
Cisco Employee

Re: DNS doctoring and DNAT in the same PIX not work

Hi Teru,

It is not necessary/important to disable proxy ARP on the PIX; however, it is recommended.

What is the software version of the PIX? You can use the static command for DNAT. Alias is a deprecated command and is not used anymore in new versions.

If you want to configure DNAT with the static command, the syntax for that is:

static (less_secure_int , High_secure_int) virtual_IP actual_IP

Hope this helps.

Tanveer

New Member

Re: DNS doctoring and DNAT in the same PIX not work

Thank you, Tanveer. I have used the static command to do DNAT but still use the alias command for DNS doctoring. My version is 6.3. And Cisco's document says we should disable proxyarp for DNS doctoring to work. So I am confused about what to do.

Gold

Re: DNS doctoring and DNAT in the same PIX not work

To disable proxyarp on the PIX, issue in config mode:

sysopt noproxyarp

* being either the inside interface or the outside interface of your PIX; in your case it would be the inside interface. So it would be:

sysopt noproxyarp inside

Save with write mem.

Jay

New Member

Re: DNS doctoring and DNAT in the same PIX not work

But when I use the 7.0 OS to test, there is no problem.
