Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

alias question

Status
Not open for further replies.
cmptrnerd

cmptrnerd

IS-IT--Management
Aug 11, 2001
255
US
I have tried to use the alias and static commands to get the users on the inside network to be able to access an internal ftp server using the same DNS name as the outside world. The problem seems to be is that the alias command does not allow port forwarding and the company only has one public IP address so we need port forwarding.

1) Is there a work around for this?

2) Why does the pix stop this for working. The only reason I ask this is once again I'm dealing with an irrational customer who has a little knowledge work with low cost routers like linksys that does allow you to do this without doina anything special and he told me to get another firewall if I'm not able to do this.

3) I really don't want to setup a DNS server at their location but it looks like this might be the only solution.

Mark

Mark
 
Sort by date Sort by votes
Scratch that - misread the PAT part.


Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Upvote 0 Downvote
Horus I will try this command but I was trying both the alias and static DNS on another Pix at our office and I was not able to get the alias to work until I removed the port forwarding commands after reading the documentation for the alias command that said that port forwarding was not allowed. I assumed the static dns commands didn't work for the same reason but I only tried the alias command after removing the port fowarding. However on my office pix we had extra public ip's and this customer only has one public ip.



Mark
 
Upvote 0 Downvote
Well I tried putting dns to the static port redirection commands and that didn't work.

When I added static (inside,outside) public.ip 10.0.0.20 dns netmask 255.255.255.255 0 0

Then the workstations are not able to resolve DNS anymore.

When I put the above command in twice and remove it twice then the pix seems to work like it's doing a dns replacement, but once you reboot the pix it goes back to not replacing the public ip with the internal ip so I don't know what that is all about.

I setup an old NT4 server to do DNS but as I have found in the past the DNS server repsonds to slow and you have to hit F5 in the browser to get the web page to display properly.



Mark
 
Upvote 0 Downvote
This is far from elegant but depending on how many workstations are present, You can always add the server and IP to the hosts file. A simple script can accomplish this when they sign on to the domain.

I have only used this with an IP set aside for DNS only. From all I have read, dns rewrite and alias won't do this with a single IP using PAT. What platform/code version are you using?


Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Upvote 0 Downvote
This is a long shot but did you clear the xlate after you have modified the static mapping

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

intel233
  • Locked
  • Question
Cisco ASA - VPN Question
Replies
6
Views
848
intel233
intel233
NoCoolHandle
  • Locked
  • Question
TLS 1.0 vrs TLS 1.1 vrs 1.2 connection strategy question
Replies
1
Views
233
ChrisHirst
ChrisHirst
J001
  • Locked
  • Question
Checkpoint Upgrade Question
Replies
0
Views
161
J001
J001
barbastica
  • Locked
  • Question
Cisco PIX Fierwall- SSH authentication question
Replies
0
Views
223
barbastica
barbastica
nosebreaker
  • Locked
  • Question
8.4 PAT/NAT question
Replies
1
Views
187
burtsbees
burtsbees

Part and Inventory Search

Sponsor

Back
Top