Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Nat question on Pix 515

I am installing a pix 515e and have a situation where there is a requirement for internal users to have connectivity to an internal server but via it's translated external address...... ie they point a browser at an external address that is physically located on the same internal Lan and simply translated to the external address. Is there any way to get this to work ? I have the static translation in place and working for the server with regards access from the web. I also have a pool address in use for other hosts on the Lan that works OK. But when they try to get to the servers external NAT address it just seems to do nothing ...

If you understood this then I would appreciate any ideas !!


Re: Nat question on Pix 515

If this is happening due to external DNS resolution, use the "dns" keyword of the static command. (Pix 6.2+)

static (inside,outside) dns netmask

This tells the Pix to "doctor" the DNS reply and substitue the private IP address for the public when the DNS response is returned.

If anything below 6.2, you can use the "alias" command to accomplish the same thing:

static (inside,outside) dns netmask

alias (inside)

Note that the Pix's PDM does support the "alias" command except for use of the Monitoring tab.

If the probem is occurring due to internal DNS resolution, you must fix it there. You cannot access a resource on the inside from the inside by using the Pix. The Pix does not allow a packet to enter and exit the same interface.

If the problem is due a DMZ configuration on the Pix, you can use bi-directional NAT. (Pix 6.2+) If this is the case, I'd be happy to give examples for this too.