Cisco Support Community

static translations and dns

I have a web server on my DMZ. Computers on the DMZ cannot access it by name. The problem is that the DNS returns the outside (real) IP. I need the DMZ to translate it into a local IP. I am using the PDM so I am not using aliases. Any help would be appreciated.

Accepted Solutions
Re: static translations and dns

You can do this with the [static] commands and the "dns" option.

static (dmz,outside) 123.123.123.123 192.168.1.1 dns netmask 255.255.255.255 [the dns keyword tells the PIX to do DNS doctoring for this translation because DNS resolves to the public IP]

static (dmz,inside) 123.123.123.123 192.168.1.1 netmask 255.255.255.255 [allows internal hosts to connect to the public IP found in DNS and translates it to the private IP on the way to the DMZ]

Make sure to do a [clear xlate] after the changes.

If you're running below 6.2, you'll have to do some form of [alias] on the PIX.
