Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

pix 515 6.0.1 with 3 interfaces

i have a DNS server on DMZ, i want inside users to ping DNS server with his public address

2 REPLIES
Community Member

Re: pix 515 6.0.1 with 3 interfaces

You have to do static NAT inside to DMZ and conduit commands required.

Community Member

Re: pix 515 6.0.1 with 3 interfaces

If your DNS server on the DMZ has a static to the outside, then you are trying to send a packet through the outside interface, then turn back around and come back in the outside interface.

This is essentially a redirect, which the ASA (rule engine) of the PIX will not permit. You should be able to reach the dns server using the private ip address or by domain name if using the alias command.

If you are not using a static for your DNS server, and it is dual-homed, then it should work fine (kind of defeats the purpose of the PIX though).

HTH

Jeff

112
Views
0
Helpful
2
Replies
CreatePlease to create content