https://community.cisco.com/t5/network-security/dns-on-pix/m-p/450065#M530521 <HTML><HEAD></HEAD><BODY><P>browsing the servers means? you cant connect via http or via windows network share etc.</P><P></P><P>in either case, you need to have an Access-list applied on the dmz interface to allow the desired traffic to reach the inside from dmz</P><P></P></BODY></HTML> Mon, 21 Nov 2005 00:09:18 GMT nkhawaja 2005-11-21T00:09:18Z https://community.cisco.com/t5/network-security/dns-on-pix/m-p/450060#M530499 <P>dns_inside----pix-----user</P><P></P><P>dns is at the inside subnet</P><P>user is on the dmz</P><P>domain controller on the inside subnet</P><P></P><P>observations;</P><P>1. with nat (inside) 0 0 , the user could logon to the domain, but couldnt brouse any machine on the inside.</P><P></P><P>2. with nat (inside) 1 0 0 , user couldnt logon to the domain controller. static command is invoke with the ff detail</P><P></P><P>static (inside, dmz) 10.2.2.10 10.1.1.10</P><P>10.1.1.10 is the dns</P><P>10.2.2.10 is the outside mapped ip</P><P></P><P>ping from user to 10.2.2.10 is ok.</P><P>10.2.2.10 is configured as dns on windows user.</P><P></P><P>why cant i have dns service if am using nat?</P><P></P><P>Without nat, why cant i browse the inside network? i could find a computer on the inside using the computer name, thus dns is doing his job. I just cant browse.</P><P></P><P>anyone here could help me pls..</P><P></P><P>thanks a lot.</P> Fri, 21 Feb 2020 08:32:19 GMT https://community.cisco.com/t5/network-security/dns-on-pix/m-p/450060#M530499 rpalacio 2020-02-21T08:32:19Z https://community.cisco.com/t5/network-security/dns-on-pix/m-p/450061#M530504 <HTML><HEAD></HEAD><BODY><P>hi,</P><P></P><P>the rule of translation requies you to have static translation if you want connection from dmz to inside.</P><P></P><P>so you have to use static translation or nat 0 with access-list</P><P></P><P></P><P>thanks</P><P>Nadeem</P></BODY></HTML> Sat, 19 Nov 2005 19:28:53 GMT https://community.cisco.com/t5/network-security/dns-on-pix/m-p/450061#M530504 nkhawaja 2005-11-19T19:28:53Z https://community.cisco.com/t5/network-security/dns-on-pix/m-p/450062#M530510 <HTML><HEAD></HEAD><BODY><P>ive done that, thats why i was able to login to the domain controller inside from a user on the DMZ.</P><P></P></BODY></HTML> Sat, 19 Nov 2005 20:22:07 GMT https://community.cisco.com/t5/network-security/dns-on-pix/m-p/450062#M530510 rpalacio 2005-11-19T20:22:07Z https://community.cisco.com/t5/network-security/dns-on-pix/m-p/450063#M530513 <HTML><HEAD></HEAD><BODY><P>so what is your question/issue?</P></BODY></HTML> Sun, 20 Nov 2005 13:55:05 GMT https://community.cisco.com/t5/network-security/dns-on-pix/m-p/450063#M530513 nkhawaja 2005-11-20T13:55:05Z https://community.cisco.com/t5/network-security/dns-on-pix/m-p/450064#M530519 <HTML><HEAD></HEAD><BODY><P>the issue is i cant browse the inside network from the dmz...</P><P></P><P>inside is where servers are.</P><P>dmz is where users are.</P><P></P></BODY></HTML> Sun, 20 Nov 2005 20:20:35 GMT https://community.cisco.com/t5/network-security/dns-on-pix/m-p/450064#M530519 rpalacio 2005-11-20T20:20:35Z https://community.cisco.com/t5/network-security/dns-on-pix/m-p/450065#M530521 <HTML><HEAD></HEAD><BODY><P>browsing the servers means? you cant connect via http or via windows network share etc.</P><P></P><P>in either case, you need to have an Access-list applied on the dmz interface to allow the desired traffic to reach the inside from dmz</P><P></P></BODY></HTML> Mon, 21 Nov 2005 00:09:18 GMT https://community.cisco.com/t5/network-security/dns-on-pix/m-p/450065#M530521 nkhawaja 2005-11-21T00:09:18Z https://community.cisco.com/t5/network-security/dns-on-pix/m-p/450066#M530525 <HTML><HEAD></HEAD><BODY><P>i cant see any macine on the inside from the network neighborhood. But if i do a search on the machine thru their computer names, it works.</P></BODY></HTML> Mon, 21 Nov 2005 04:09:04 GMT https://community.cisco.com/t5/network-security/dns-on-pix/m-p/450066#M530525 rpalacio 2005-11-21T04:09:04Z https://community.cisco.com/t5/network-security/dns-on-pix/m-p/450067#M530528 <HTML><HEAD></HEAD><BODY><P>may be it requires WINS setting. or the necessary ports to be opened. </P></BODY></HTML> Mon, 21 Nov 2005 21:33:25 GMT https://community.cisco.com/t5/network-security/dns-on-pix/m-p/450067#M530528 nkhawaja 2005-11-21T21:33:25Z https://community.cisco.com/t5/network-security/dns-on-pix/m-p/450068#M530531 <HTML><HEAD></HEAD><BODY><P>hello,</P><P></P><P>It was able to browse the network even by just having a DNS. Server IPs must not be translated between inside and dmz though i still have to invoke the static command. </P><P></P><P>I dont know but its just taking a lot of time to for the pix to discover the network.</P><P></P><P></P></BODY></HTML> Tue, 22 Nov 2005 07:15:11 GMT https://community.cisco.com/t5/network-security/dns-on-pix/m-p/450068#M530531 rpalacio 2005-11-22T07:15:11Z