
New Member

PIX 520: Inside to DMZ using public IP's

Hello,

I have a web server and a nameserver on my DMZ and need to allow all users from inside the private network to access the company's web using its domain name, which will be resolved to a public IP by the nameserver on the DMZ.

Here is a sample:

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif ethernet2 dmz1 security10

ip address outside 206.139.48.2 255.255.255.248

ip address inside 192.168.11.249 255.255.255.0

ip address dmz1 10.10.76.254 255.255.255.0

static (dmz1,outside) 206.139.48.3 10.10.76.11 netmask 255.255.255.255 0 0

static (dmz1,outside) 206.139.48.4 10.10.76.12 netmask 255.255.255.255 0 0

Right now I can access everything using the 10.10.76.x addresses, but it fails when using the public IP's. Is this an access-list issue? I would assume that since 206.139.48.x is a directly connected network to the PIX that there would be no issue such as this.

Thanks in advance for any help.

Jim

1 REPLY
Cisco Employee

Re: PIX 520: Inside to DMZ using public IP's

Jim,

If you want to configure your internal hosts to use the public IP addresses of the web and DNS servers, you need to configure the "alias" command on the inside interface. In your case it will be:

alias (inside) 206.139.48.3 10.10.76.11 255.255.255.255

alias (inside) 206.139.48.4 10.10.76.12 255.255.255.255

These entries will cause the PIX firewall to do DNAT (destination NAT).

For more details check out the following link.

http://www.cisco.com/warp/public/110/alias.html#dmz

Joseph Shakyan
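
The reply's pattern applied to a whole configuration, as an added example that is not part of the original thread and is not Cisco tooling: it reads the static (dmz1,outside) and ip address lines and emits the matching alias (inside) lines. The function names are hypothetical, and the embedded sample is constructed from the configuration quoted in the question.

```python
import ipaddress
import re

# Constructed sample: the configuration lines quoted in the question above.
SAMPLE_CONFIG = """\
nameif ethernet2 dmz1 security10
ip address dmz1 10.10.76.254 255.255.255.0
static (dmz1,outside) 206.139.48.3 10.10.76.11 netmask 255.255.255.255 0 0
static (dmz1,outside) 206.139.48.4 10.10.76.12 netmask 255.255.255.255 0 0
"""

STATIC_RE = re.compile(
    r"^static \((?P<real_if>\S+),(?P<mapped_if>\S+)\) "
    r"(?P<global>\S+) (?P<local>\S+) netmask (?P<mask>\S+)")
IPADDR_RE = re.compile(r"^ip address (?P<ifname>\S+) (?P<ip>\S+) (?P<mask>\S+)")


def interface_networks(config):
    """Map interface name -> directly connected network from 'ip address' lines."""
    nets = {}
    for line in config.splitlines():
        m = IPADDR_RE.match(line.strip())
        if m:
            nets[m["ifname"]] = ipaddress.ip_network(
                f"{m['ip']}/{m['mask']}", strict=False)
    return nets


def alias_lines(config, dmz_if="dmz1", client_if="inside"):
    """One alias line per host static published from dmz_if (pattern from the reply)."""
    nets = interface_networks(config)
    out = []
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if not m or m["real_if"] != dmz_if:
            continue
        local = ipaddress.ip_address(m["local"])
        ipaddress.ip_address(m["global"])  # raises ValueError if malformed
        # Skip statics whose local address is not on the DMZ network.
        if dmz_if not in nets or local not in nets[dmz_if]:
            continue
        if m["mask"] != "255.255.255.255":
            continue  # only one-to-one host mappings are handled here
        out.append(f"alias ({client_if}) {m['global']} {m['local']} {m['mask']}")
    return out


if __name__ == "__main__":
    print("\n".join(alias_lines(SAMPLE_CONFIG)))
```

Statics with a non-host netmask, or with a local address outside the DMZ interface's network, are skipped rather than guessed at.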
