https://community.cisco.com/t5/network-security/pix-dns-resolution-issue/m-p/430319#M557397 <HTML><HEAD></HEAD><BODY><P>Hi ,</P><P></P><P>I had already tried this, I think this is an alternative to alias command in the newer versions.But it didn't work.I also tried to fiddle with the DNS entries.In forward lookup zone in Name server entries if am adding 192.168.2.90 as a second entry , I am able to join the domain from outside.But if I am restarting the server the entry goes off and it stops working.I couldnot understand whether it is a microsoft issue or PIX issue.</P></BODY></HTML> Tue, 07 Jun 2005 09:26:27 GMT sanjay.sangwan 2005-06-07T09:26:27Z https://community.cisco.com/t5/network-security/pix-dns-resolution-issue/m-p/430315#M557390 <P>HI,</P><P></P><P>I am trying to login to active directory server on inside from an outside of a PIX.The server works as DNS also.Follwing IP address is mapped</P><P></P><P> static(inside,outside) 192.168.2.90 192.168.1.90</P><P></P><P>AD Server(DNS)= 192.168.1.90</P><P>When I am trying to access the DNS from outside on 192.168.2.90 , The internal DNS replies with the 192.168.1.90 as AD domain name and login fails.How can I get the NATED IP as the Domain IP from the DNS.</P><P></P><P>Sanjay</P><P> </P> Fri, 21 Feb 2020 08:11:25 GMT https://community.cisco.com/t5/network-security/pix-dns-resolution-issue/m-p/430315#M557390 sanjay.sangwan 2020-02-21T08:11:25Z https://community.cisco.com/t5/network-security/pix-dns-resolution-issue/m-p/430316#M557393 <HTML><HEAD></HEAD><BODY><P>Check this page:</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aee.shtml" target="_blank">http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aee.shtml</A></P><P></P><P>Maybe this config will work?</P><P></P><P>alias (outside) 192.168.2.90 192.168.1.90 255.255.255.255</P><P>sysopt noproxyarp outside</P><P></P></BODY></HTML> Mon, 06 Jun 2005 09:49:58 GMT https://community.cisco.com/t5/network-security/pix-dns-resolution-issue/m-p/430316#M557393 johansens 2005-06-06T09:49:58Z https://community.cisco.com/t5/network-security/pix-dns-resolution-issue/m-p/430317#M557395 <HTML><HEAD></HEAD><BODY><P>Thanx</P><P></P><P>I tried the above commands but the nslookup still shows the 192.168.1.90 (actual IP) and I am not through.</P><P></P><P>Sanjay</P><P></P></BODY></HTML> Tue, 07 Jun 2005 03:36:09 GMT https://community.cisco.com/t5/network-security/pix-dns-resolution-issue/m-p/430317#M557395 sanjay.sangwan 2005-06-07T03:36:09Z https://community.cisco.com/t5/network-security/pix-dns-resolution-issue/m-p/430318#M557396 <HTML><HEAD></HEAD><BODY><P>you can also try</P><P>static(inside,outside) 192.168.2.90 192.168.1.90 dns</P><P>clear xlate</P></BODY></HTML> Tue, 07 Jun 2005 03:56:43 GMT https://community.cisco.com/t5/network-security/pix-dns-resolution-issue/m-p/430318#M557396 a.alekseev 2005-06-07T03:56:43Z https://community.cisco.com/t5/network-security/pix-dns-resolution-issue/m-p/430319#M557397 <HTML><HEAD></HEAD><BODY><P>Hi ,</P><P></P><P>I had already tried this, I think this is an alternative to alias command in the newer versions.But it didn't work.I also tried to fiddle with the DNS entries.In forward lookup zone in Name server entries if am adding 192.168.2.90 as a second entry , I am able to join the domain from outside.But if I am restarting the server the entry goes off and it stops working.I couldnot understand whether it is a microsoft issue or PIX issue.</P></BODY></HTML> Tue, 07 Jun 2005 09:26:27 GMT https://community.cisco.com/t5/network-security/pix-dns-resolution-issue/m-p/430319#M557397 sanjay.sangwan 2005-06-07T09:26:27Z https://community.cisco.com/t5/network-security/pix-dns-resolution-issue/m-p/430320#M557398 <HTML><HEAD></HEAD><BODY><P>Long time ago, i had the same problem, i asked a Microsoft technical, and I know that AD+DNS can not run with NAT on Pix.</P><P>you can try</P><P>static(inside,outside) 192.168.1.90 192.168.1.90</P><P>clear xlate</P><P></P></BODY></HTML> Fri, 24 Jun 2005 07:20:24 GMT https://community.cisco.com/t5/network-security/pix-dns-resolution-issue/m-p/430320#M557398 leminhkhoi79 2005-06-24T07:20:24Z https://community.cisco.com/t5/network-security/pix-dns-resolution-issue/m-p/430321#M557399 <HTML><HEAD></HEAD><BODY><P>I tried the following on the PIX and I am through</P><P></P><P>static(inside,outside) 192.168.2.90 192.168.1.90 dns</P><P></P><P>This command does DNS doctoring through NAT.</P><P></P><P>thanks</P><P></P></BODY></HTML> Sat, 25 Jun 2005 03:21:37 GMT https://community.cisco.com/t5/network-security/pix-dns-resolution-issue/m-p/430321#M557399 sanjay.sangwan 2005-06-25T03:21:37Z https://community.cisco.com/t5/network-security/pix-dns-resolution-issue/m-p/430322#M557400 <HTML><HEAD></HEAD><BODY><P>Are you using a Windows 2003 DNS server? If so there is a known issue with DNS packet size and Windows 2003. To resolve you'll have to increase dns fixup on your pix to a larger packet size. Increasing the size of course requires 6.3 or greater Pix IOS. </P></BODY></HTML> Thu, 07 Jul 2005 21:15:24 GMT https://community.cisco.com/t5/network-security/pix-dns-resolution-issue/m-p/430322#M557400 jsalminen 2005-07-07T21:15:24Z