I have a PIX with version 6.2. Without the alias command, I get access only by IP address, not by name, from Inside. But when I put in the "alias" command, I lose all access to the DMZ, except ping. Telnet and web do not function, even with the real world.
Sorry, but what exactly are you trying to do? Are you trying to reach a server on the DMZ using the DNS name of the server? Where is your DNS server located? What is the real IP address of the server in the DMZ zone and what is the address given by the DNS server?
The PIX is currently in the lab and I have a laptop on the DMZ acting as a www server. I'm using CSPM to create the ACLs and currently have permit all IP to the internal subnets from the DMZ network (192.168.17.0). The PCs on the 'intranet' access the www servers using the real IP address, so I need to use the Alias command to Destination NAT. WITHOUT the Alias commands in the running config the www server has full access to the intranet as expected; as soon as I issue the alias command (then clear x) the www server loses all IP access to the intranet. This is confirmed by the PIX showing 'deny icmp src DMZ-slot:3......' etc.
I'm using the capture command to show all IP packets arriving on the DMZ interface and all looks well.
I've just changed the ACL on the DMZ to permit ip any any. This now allows the www server to perform DNS lookups on the internal subnet. The packets show a source address of the registered network, so I obviously need to amend the ACLs to allow the source address of the registered addresses. I can't do this using CSPM though, as CSPM isn't aware of the alias commands and therefore the additional ACL entries that need to go with it. I guess I can manually amend the ACLs within CSPM. Back to the help!