Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

PIX 520 with 3 ports,version 6.0(1)

The web server is on the DMZ zone,but inside user cann't access the web server,I try to use the alias command to solver this problem.

alias (inside)

after doing so, when I ping our domain name I can see the domain name is translate from global ip address to DMZ ip address ,that indicate the alias works well.

but at this time, the NAT didn't work well, the PIX direct the traffic to the outside port,using debug icmp trace command,I can see the following result:

ICMP reques:>>

I have been trying use "SYSOPT NOPROXYARP" command but it looks doesn't work well.

And I am trying add a static MAC address in the ARP table, It also didn't resolve this problem. By the way, after added the alias command ,I use "show arp" command to check arp table, There isn't any Mac address associated with my alias address.

I have tried all kind of method to solve this question, I nedd your help.

Thanks a lot!

Community Member

Re: PIX 520 with 3 ports,version 6.0(1)


You should enter the static PAT command inside to DMZ.

For Example; the IP Address of DMZ interface and IP Address of inside interface

enter this command,

global (dmz) 1 netmask

nat (inside) 1 0 0

packets from inside to dmz they will not go to the outside.

CreatePlease to create content