Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
382
Views
0
Helpful
1
Replies

translating ip address without dns

Jim.Kiddoo
Level 1
Level 1

‎01-08-2003 02:01 PM - edited ‎03-09-2019 01:36 AM

I am trying to route clients behind the firewall to another server on the same interface, so what that means is when they look for 55.55.192.70 i want them to go to 10.0.1.70 on that same interface. I can do this fine with DNS doctoring but I have clients who connect to vpn through ip address instead of name. Is there a way to force that request to another machine, when they don't use dns?

Thanks

Jim Kiddoo

Labels:
0 Helpful
1 Reply 1

tvanginneken
Level 4
Level 4

‎01-08-2003 02:38 PM

Hi,

instead of using the 'alias' command for 'DNS Doctoring', you could try using the 'alias' command for 'destination nat translation'.

If have tried this from the inside to the dmz, but I am not sure it will work for inbound traffic encrypted traffic. Please try this command:

alias(outside) 55.55.192.70 10.0.1.70 255.255.255.255

I am absolutely not sure it will work, but it is worth a try. This command replaces the destination ip address of packets going to 55.55.192.70. The destination address is replaced with 10.0.1.70 when the packets go through the pix.

More info on this URL:

http://www.cisco.com/warp/public/110/alias.html

Isn't there a way for the VPN clients to connect directly to 10.0.1.70? Maybe you can setup an internal dns server that links the server's dns name to it's 10.0.1.70 address. That way the vpn clients can use this internal dns server.

Kind Regards,

Tom

0 Helpful
Customers Also Viewed These Support Documents