https://community.cisco.com/t5/network-security/pix-515-6-0-1-with-3-interfaces/m-p/9716#M697877 <P>i have a DNS server on DMZ, i want inside users to ping DNS server with his public address</P> Fri, 21 Feb 2020 05:48:45 GMT ytalibi 2020-02-21T05:48:45Z https://community.cisco.com/t5/network-security/pix-515-6-0-1-with-3-interfaces/m-p/9716#M697877 <P>i have a DNS server on DMZ, i want inside users to ping DNS server with his public address</P> Fri, 21 Feb 2020 05:48:45 GMT https://community.cisco.com/t5/network-security/pix-515-6-0-1-with-3-interfaces/m-p/9716#M697877 ytalibi 2020-02-21T05:48:45Z https://community.cisco.com/t5/network-security/pix-515-6-0-1-with-3-interfaces/m-p/9717#M697888 <HTML><HEAD></HEAD><BODY><P>You have to do static NAT inside to DMZ and conduit commands required. </P></BODY></HTML> Tue, 10 Jul 2001 13:33:04 GMT https://community.cisco.com/t5/network-security/pix-515-6-0-1-with-3-interfaces/m-p/9717#M697888 metin 2001-07-10T13:33:04Z https://community.cisco.com/t5/network-security/pix-515-6-0-1-with-3-interfaces/m-p/9718#M697910 <HTML><HEAD></HEAD><BODY><P>If your DNS server on the DMZ has a static to the outside, then you are trying to send a packet through the outside interface, then turn back around and come back in the outside interface. </P><P></P><P>This is essentially a redirect, which the ASA (rule engine) of the PIX will not permit. You should be able to reach the dns server using the private ip address or by domain name if using the alias command.</P><P></P><P>If you are not using a static for your DNS server, and it is dual-homed, then it should work fine (kind of defeats the purpose of the PIX though).</P><P></P><P>HTH</P><P>Jeff</P></BODY></HTML> Tue, 10 Jul 2001 14:06:03 GMT https://community.cisco.com/t5/network-security/pix-515-6-0-1-with-3-interfaces/m-p/9718#M697910 jekrauss 2001-07-10T14:06:03Z