Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Using 'Alias' vs 'Outside NAT'?

Greetings,

I recently started with a company that has a PIX 515. I upgraded the IOS from 6.1(1)to 6.3(5), and installed PDM 3.04.

When I try to run the PIX via PDM, it prompts with "PDM does not support the 'Alias' Command in your configuration..You should migrate to the newer "Outside NAT" feature (aka Bi-Directional NAT).

Here are my statements regarding 'Alias'. Can anyone please provide insight/examples on how to migrate these statements?

alias (inside) x.x.x.x y.y.y.y 255.255.255.255

alias (inside) x.x.x.x y.y.y.y 255.255.255.255

alias (inside) x.x.x.x y.y.y.y 255.255.255.255

alias (dmz) x.x.x.x y.y.y.y 255.255.255.255

static (inside,outside) tcp x.x.x.x www y.y.y.y www netmask 255.255.255.255 0 0

static (inside,outside) tcp x.x.x.x citrix-ica y.y.y.y citrix-ica netmask 255.255.255.255 0 0

static (dmz,outside) tcp x.x.x.x https y.y.y.y https netmask 255.255.255.255 0 0

static (dmz,outside) tcp x.x.x.x ftp y.y.y.y ftp netmask 255.255.255.255 0 0

static (inside,outside) tcp x.x.x.x smtp y.y.y.y smtp netmask 255.255.255.255 0 0

static (inside,outside) tcp x.x.x.x smtp y.y.y.y smtp netmask 255.255.255.255 0 0

static (inside,outside) tcp x.x.x.x www y.y.y.y www netmask 255.255.255.255 0 0

static (inside,outside) tcp x.x.x.x citrix-ica y.y.y.y citrix-ica netmask 255.255.255.255 0 0

static (inside,outside) tcp x.x.x.x 81 y.y.y.y netmask 255.255.255.255 0 0

static (inside,dmz) x.x.x.x y.y.y.y netmask 255.255.255.0 0 0

static (inside,outside) x.x.x.x y.y.y.y netmask 255.255.255.255 0 0

static (inside,outside) x.x.x.x y.y.y.y netmask 255.255.255.255 0 0

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Using 'Alias' vs 'Outside NAT'?

Hi .. Alias command is used for translation of IPs that overlap .. for example if you have a remote site using 192.168.0.1 and you also have your internal LAN using the same range, then you could make 192.168.0.1 appear to your LAN as a different IP address .. in this case 10.10.10.10

alias (inside) 10.10.10.10 192.168.0.1 255.255.255.255

You could also use Alias to redirect traffic to a different address. This translates the destination IP.

In your config it seems like

alias (inside) x.x.x.x y.y.y.y 255.255.255.255

alias (dmz) x.x.x.x y.y.y.y 255.255.255.255

they have been already configured by using

static (inside,dmz) x.x.x.x y.y.y.y netmask 255.255.255.0 0 0

static (inside,outside) x.x.x.x y.y.y.y netmask 255.255.255.255 0 0

An so .. I suggest you to remove them .. then type in clear xlate ( this will interrupt your current connections for a few seconds ) .. and then test to make sure everything is OK and finally save the changes wr mem.

I hope it helps .. please rate it if it does !!! ..

1 REPLY

Re: Using 'Alias' vs 'Outside NAT'?

Hi .. Alias command is used for translation of IPs that overlap .. for example if you have a remote site using 192.168.0.1 and you also have your internal LAN using the same range, then you could make 192.168.0.1 appear to your LAN as a different IP address .. in this case 10.10.10.10

alias (inside) 10.10.10.10 192.168.0.1 255.255.255.255

You could also use Alias to redirect traffic to a different address. This translates the destination IP.

In your config it seems like

alias (inside) x.x.x.x y.y.y.y 255.255.255.255

alias (dmz) x.x.x.x y.y.y.y 255.255.255.255

they have been already configured by using

static (inside,dmz) x.x.x.x y.y.y.y netmask 255.255.255.0 0 0

static (inside,outside) x.x.x.x y.y.y.y netmask 255.255.255.255 0 0

An so .. I suggest you to remove them .. then type in clear xlate ( this will interrupt your current connections for a few seconds ) .. and then test to make sure everything is OK and finally save the changes wr mem.

I hope it helps .. please rate it if it does !!! ..

146
Views
0
Helpful
1
Replies
CreatePlease login to create content