Cisco Support Community

Pix nating with DNS

Hi. Looking to NAT DNS messages flowing across a PIX.

Seen the "alias" command, but this seems to be for DNS servers on the outside only:

(i.e. DNS reply is NATed on a transition from a Low -> High interface)

whereas I have a DNS server on the inside, which has local IP addresses in its zone file (10.0.0.1 say) which should be NATed to global IP addresses (93.0.0.1 say) when the reply is outbound.

Is this possible? Does the static command do this automagically?

Many thanks

Douglas Crabbe.

Re: Pix nating with DNS

No, the static command doesn’t do anything automatically. If you must access your internal servers through their outside address but must keep your DNS on the inside, you can renumber the outside segment of the PIX to another RFC1918 address.

Put route statements for your networks in the outside router back to the PIX outside address and a default route to the outside router for all Internet/foreign traffic. Now when your internal host wants to get to a host on the inside via the outside static, it will get out to the outside router and get routed back to the PIX.

The outside router will no longer ignore the packet because it has a route for that network (before, that network was directly connected, so the router assumed the packet was for another host on that network). Other options: local hosts files on all your internal PCs (not very scalable), or move the DNS to a DMZ and use alias commands.
