Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX 520: Inside to DMZ using public IP's


I have a web server and a nameserver on my DMZ and need to allow all users from inside the private network to access the companies web using its domain name, which will be resolved to a public IP by the nameserver on the DMZ.

Here is a sample:

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif ethernet2 dmz1 security10

ip address outside

ip address inside

ip address dmz1

static (dmz1,outside) netmask 0 0

static (dmz1,outside) netmask 0 0

Right now I can access everything using the 10.10.76.x addresses, but it fails when using the public IP's. Is this an access-list issue? I would assume that since 206.139.48.x is a directly connected network to the PIX that there would be no issue such as this.

Thanks in advance for any help.


Cisco Employee

Re: PIX 520: Inside to DMZ using public IP's


If you want to configure your internal hosts to use Public IP addresses of the Web and DNS server, you need to configure "Alias" command on inside interface. In your case it will be:

alias (inside)

alias (inside)

These entries will cause PIX firewall to do a DNAT (destination NAT).

For more details check out the following link.

Joseph Shakyan