Using outside NAT statements to replace "alias"

mrchongo · ‎05-24-2006

We use “alias” commands in our ASA configuration that were migrated from our PIX. The presence of these commands precludes the use of the configuration functions within the appliance’s Device Manager application. I have done some research on replacing/rewriting the lines to use the outside NAT function, but I’m still not clear on it. Could someone please give me an example (using just one alias statement) of the syntax changes would be necessary to update the config in order to fully utilize ASDM? TIA

ebreniz · ‎05-30-2006

The "alias" commnand has been replaced by the nat and static commands with the "dns" argument on both the commands.

A very detailed information on the "alias" command is given in the following document.

http://www.cisco.com/en/US/products/ps6120/products_command_reference_chapter09186a00805fd7f5.html#wp1343428

For nat and static commands;

http://www.cisco.com/en/US/products/ps6120/products_command_reference_chapter09186a00805fd87f.html#wp1583696

http://www.cisco.com/en/US/products/ps6120/products_command_reference_chapter09186a00805fd881.html#wp1540284

mlowery · ‎07-03-2006

My understanding was that you replaced the alias command by adding the "dns" tag in your static command. This does not work for me. So do I create a seperate static command with the global and local ip reversed, using the "dns" tag in this command in order for this to work?

For example, if I have a server on my inside network, www.domain.com, which has the IP address 10.1.1.1, but is world-resolvable to 2.2.2.2, I would have used alias like this:

alias (inside) 2.2.2.2 10.1.1.1 255.255.255.255

However, if I use the static command instead, then would I have to have both of these?

static (inside,outside) 2.2.2.2 10.1.1.1 netmask 255.255.255.255

static (inside,outside) 10.1.1.1 2.2.2.2 dns netmask 255.255.255.255