Getting rid of the alias command (DNS Doctoring and DNAT)

m.laporta
Level 1

Hi Experts.

My customer has a PIX 520 with OS ver. 5.1(5). As they have an external DNS, they use the alias command extensively, both for DNS doctoring and for Destination NAT.

I'm planning a (nightly!) migration to ver. 6.3 and want to get rid of the alias command (in order to use the PDM). I kindly ask for your help to make sure I correctly understand the static command as a substitute for the alias.

Here is the current configuration:

!

ip address outside A.B.C.126 255.255.255.128

ip address inside 192.168.204.1 255.255.255.0

ip address dmz 192.168.210.3 255.255.255.0

!

! DNS Doctoring

alias (inside) 192.168.204.29 A.B.C.29 255.255.255.255

!

! DNAT

alias (inside) A.B.C.100 192.168.210.100 255.255.255.255

!

static (inside,outside) A.B.C.29 192.168.204.29 netmask 255.255.255.255 0 0

static (dmz,outside) A.B.C.100 192.168.210.100 netmask 255.255.255.255 0 0

!

... and this is what I'm going to deploy:

!DNS Doctoring

no alias (inside) 192.168.204.29 A.B.C.29 255.255.255.255

static (inside,outside) A.B.C.29 192.168.204.29 dns netmask 255.255.255.255 0 0

!

! DNAT

no alias (inside) A.B.C.100 192.168.210.100 255.255.255.255

static (dmz,inside) A.B.C.100 192.168.210.100 netmask 255.255.255.255 0 0

!

Will this work as before?

Thank you!

1 Reply

scoclayton
Level 7

Hi,

Looks great. One minor correction on your DNAT commands:

static (dmz,inside) 192.168.210.100 A.B.C.100 netmask 255.255.255.255 0 0

** note that I reversed the addresses

Good luck and let us know how it goes. Remember to 'cl x' after removing the alias and other old commands.

Scott
