Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
620
Views
0
Helpful
5
Replies

PIX 501 Alias command

stakano
Level 1
Level 1

‎04-06-2003 12:56 AM - edited ‎02-20-2020 10:40 PM

I have a PIX 501 with a server on the inside that is accessible from the outside with the routable IPonly, using the static command;

static (inside,outside) <outside IP> 192.168.0.101 netmask 255.255.255.255 0 0

There are inside users that also need to access this internal server using the same routable IP. I have played with the alias commands to no avail.

I have tried

- alias (inside) <outside IP> 192.168.0.101 and also reversing them and no luck

Can anybody help?

0 Helpful
5 Replies 5

tvanginneken
Level 4
Level 4

‎04-07-2003 06:10 AM

Hi,

please have a look at this URL:

http://www.cisco.com/warp/customer/110/alias.html

If you are using dns doctoring, then there should be a DNS server at another interface of the pix (not inside). If this is the case use this command:

alias (inside) 192.168.0.101 255.255.255.255

If you are using destination nat, then the 'internal' machine should be on another subnet and interface (eg dmz) as the internal clients are. If this is the case, then use this command:

alias(inside) 192.168.0.101 255.255.255.255

Kind Regards,

Tom

0 Helpful

stakano
Level 1
Level 1
In response to tvanginneken

‎04-07-2003 08:52 AM

Hi,

Do I need to have another interface for this to work?

I see that the pages describe the scenario that I have, which is the destination nat where both the server and the internal resources are on the same inside interface.

The only difference is that the server is not accessed via DNS requests, and only by IP. I just need it to go from the routable IP to the private on the same subnet (inside).

BTW, I'm running 6.2.2

Thanks.

0 Helpful

tvanginneken
Level 4
Level 4
In response to stakano

‎04-07-2003 11:25 AM

Hi,

I am afraid destination nat requires an extra interface. Sorry.

Isn't it possible to use DNS names to access the system? Maybe you could implement your own internal dns server that links the DNS name to the private IP address of the server.

Kind Regards,

Tom

0 Helpful

stakano
Level 1
Level 1
In response to tvanginneken

‎04-07-2003 01:43 PM

I see what you're saying. Thanks.

I don't have an internal DNS server at the moment, but it looks as though I may have to go down that road.

Thanks

0 Helpful

stakano
Level 1
Level 1
In response to tvanginneken

‎04-08-2003 04:23 AM

Oops, I'm sorry but by closer look of the document my scenario is the same DNS doctoring.

Only difference is that there really is no name resolution in my case. It's accessed directly by the IP address.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card