New Member

dns on pix

dns_inside----pix-----user

dns is at the inside subnet

user is on the dmz

domain controller on the inside subnet

Observations:

1. With nat (inside) 0 0, the user could log on to the domain, but couldn't browse any machine on the inside.

2. With nat (inside) 1 0 0, the user couldn't log on to the domain controller. The static command is invoked with the following detail:

static (inside, dmz) 10.2.2.10 10.1.1.10

10.1.1.10 is the dns

10.2.2.10 is the outside mapped ip

ping from user to 10.2.2.10 is ok.

10.2.2.10 is configured as dns on windows user.

Why can't I have DNS service if I am using NAT?

Without NAT, why can't I browse the inside network? I could find a computer on the inside using the computer name, thus DNS is doing its job. I just can't browse.

Could anyone here help me, please?

thanks a lot.

8 REPLIES
Cisco Employee

Re: dns on pix

hi,

The rule of translation requires you to have a static translation if you want connections from the dmz to the inside.

So you have to use static translation or nat 0 with an access-list.

thanks

Nadeem

New Member

Re: dns on pix

I've done that; that's why I was able to log in to the domain controller inside from a user on the DMZ.

Cisco Employee

Re: dns on pix

So what is your question/issue?

New Member

Re: dns on pix

The issue is I can't browse the inside network from the dmz...

Inside is where the servers are.

DMZ is where the users are.

Cisco Employee

Re: dns on pix

Browsing the servers means? You can't connect via HTTP or via Windows network share, etc.?

In either case, you need to have an access-list applied on the dmz interface to allow the desired traffic to reach the inside from the dmz.

New Member

Re: dns on pix

I can't see any machine on the inside from the Network Neighborhood. But if I do a search on the machines through their computer names, it works.

Cisco Employee

Re: dns on pix

Maybe it requires a WINS setting, or the necessary ports to be opened.

New Member

Re: dns on pix

Hello,

It was able to browse the network even by just having a DNS. Server IPs must not be translated between inside and dmz, though I still have to invoke the static command.

I don't know, but it's just taking a lot of time for the PIX to discover the network.
