Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

PIX Work Around

Here is my situation. My LAN users must enter either my Web server name or internal IP address to get to our Web site. The CEO wants to be able to type in the URL ( to get to the site. I have our LAN protected from the outside world with a PIX 515 using NAT, which is not allowing LAN users to type in the URL & go out the PIX & make a U turn and come back in again. I believe I need a DNS entry on the LAN DNS database, but I'm not familiar enough with DNS to get it to work. Has anybody had experience with this or have any ideas on how I can accomplish this to satisfy my boss.

Community Member

Re: PIX Work Around

You're right, you can setup an internal DNS server with the users pointing to that DNS server which has the webserver mapped to it's internal IP address. Outside users will rely on their external DNS to get to your site. DHCP from WindowsNT/2000 works great for configuring the DNS of your internal clients.

Community Member

Re: PIX Work Around

Another solution is to use the alias command on the PIX. In simple terms it is a DNS entry on the PIX for your web server. The only problem is if you are running the PDM on your PIX, the alias command is not supported and will disable all the screens except for Monitoring in the PDM. If you are not running the PDM than you are OK.

Hope this helps. I believe it is a much simpler solution.

Bob Staaf

Southern Web Services

Orlando, Fl

Community Member

Re: PIX Work Around

It is not good practice to resolve IP addresses in your private network via a public DNS server. You should definately include an address on an internal DNS box. I have internal users lookup an internal DNS server and then it queries externally if there is no record. You can use an A record that makes sense to you then CNAME record for whatever the boss wants.

CreatePlease to create content