<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: PIX 520 3 PORT VERSION 6.0(1) in Network Security</title>
    <link>https://community.cisco.com/t5/network-security/pix-520-3-port-version-6-0-1/m-p/11716#M697817</link>
    <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;I'm not sure I completely understand your situation.  However, the behavior of the PIX, using the alias command, has changed in 6.0(1).  In 6.0(1), when you use the alias command to DNS fixup (which you are trying to do), the PIX interface will now proxy-arp for the aliased address.  This is useful if you are using the alias command for destination NAT, but causes DNS fixup to not work.  &lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;After you have implemented the alias command, do a show arp and check the MAC address that is associated with your alias address.  You may find that it is one of the PIX interfaces (inside or DMZ).  If so, then enabling sysopt noproxyarp (PIX_interface) will resolve the issue.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;HTH&lt;/P&gt;&lt;P&gt;Jeff&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
    <pubDate>Sun, 15 Jul 2001 22:39:38 GMT</pubDate>
    <dc:creator>jekrauss</dc:creator>
    <dc:date>2001-07-15T22:39:38Z</dc:date>
    <item>
      <title>PIX 520 3 PORT VERSION 6.0(1)</title>
      <link>https://community.cisco.com/t5/network-security/pix-520-3-port-version-6-0-1/m-p/11715#M697812</link>
      <description>&lt;P&gt;I have a PIX 520 with 3 ports. At the DMZ there is a web server. I use the static command to allow outside users to access the web server. To allow inside users to access the web server correctly, I use the alias command to resolve the domain name to the DMZ IP address 192.168.1.253.&lt;/P&gt;&lt;P&gt;The question is: when I use the alias command to resolve the domain name, it works well; the domain IP address isn't the global IP address 211.99.175.50,&lt;/P&gt;&lt;P&gt;but the inside user can't access the web server.&lt;/P&gt;&lt;P&gt;At this time, when I ping 192.168.1.253, the PIX NATs it to the outside pool, but if I ping 192.168.1.252 etc., the PIX NATs it to the DMZ.&lt;/P&gt;&lt;P&gt;If I don't use the alias command, when I ping 192.168.1.253, the PIX NATs it to the DMZ. That is correct, but you know, the inside user can't access the web server correctly at this time.&lt;/P&gt;&lt;P&gt;What can I do? I need your help.&lt;/P&gt;&lt;P&gt;Duzaidong, Thanks&lt;/P&gt;</description>
      <pubDate>Fri, 21 Feb 2020 05:48:55 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/pix-520-3-port-version-6-0-1/m-p/11715#M697812</guid>
      <dc:creator>xiao0809</dc:creator>
      <dc:date>2020-02-21T05:48:55Z</dc:date>
    </item>
    <item>
      <title>Re: PIX 520 3 PORT VERSION 6.0(1)</title>
      <link>https://community.cisco.com/t5/network-security/pix-520-3-port-version-6-0-1/m-p/11716#M697817</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;I'm not sure I completely understand your situation.  However, the behavior of the PIX, using the alias command, has changed in 6.0(1).  In 6.0(1), when you use the alias command to DNS fixup (which you are trying to do), the PIX interface will now proxy-arp for the aliased address.  This is useful if you are using the alias command for destination NAT, but causes DNS fixup to not work.  &lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;After you have implemented the alias command, do a show arp and check the MAC address that is associated with your alias address.  You may find that it is one of the PIX interfaces (inside or DMZ).  If so, then enabling sysopt noproxyarp (PIX_interface) will resolve the issue.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;HTH&lt;/P&gt;&lt;P&gt;Jeff&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Sun, 15 Jul 2001 22:39:38 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/pix-520-3-port-version-6-0-1/m-p/11716#M697817</guid>
      <dc:creator>jekrauss</dc:creator>
      <dc:date>2001-07-15T22:39:38Z</dc:date>
    </item>
    <item>
      <title>Re: PIX 520 3 PORT VERSION 6.0(1)</title>
      <link>https://community.cisco.com/t5/network-security/pix-520-3-port-version-6-0-1/m-p/11717#M697838</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Thanks for your help.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;According to your instructions, I tried again, but the problem still isn't solved.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;When I ping the domain name, the alias command works well. It can transfer the DNS to the DMZ address, but the NAT still directs the traffic to the outside interface.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Mon, 16 Jul 2001 04:09:41 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/pix-520-3-port-version-6-0-1/m-p/11717#M697838</guid>
      <dc:creator>xiao0809</dc:creator>
      <dc:date>2001-07-16T04:09:41Z</dc:date>
    </item>
  </channel>
</rss>

