Accessing an external IP from inside on pix

cari.net
Level 1

I have a pix 501 configured with static nats similar to this:

static (inside,outside) 123.123.123.1 192.168.123.1

static (inside,outside) 123.123.123.2 192.168.123.2

These two servers are mail servers. If one mail server needs to send mail to the other server, it tries to connect with the other server's external IP address and fails.

Is there any way to allow hosts on the inside to access other inside hosts by their external IP address?

9 Replies

jasobrown
Level 1

No...

But if your DNS server is on the outside of your Pix then you can do the following:

static (inside,outside) 123.123.123.1 192.168.123.1 dns

static (inside,outside) 123.123.123.2 192.168.123.2 dns

This will cause the Pix to rewrite the DNS packet when it comes back from the external DNS server so mail server 1 will think mail server 2 is at the private address.

Jason
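To make the rewrite Jason describes concrete, here is an added Python model (not code from the thread or from Cisco) of what a static carrying the dns keyword does to the A record in a reply coming back from the outside DNS server. It builds a constructed DNS reply, and its rule for when to rewrite (dns keyword present, mapped address matches, querying client on the static's real interface) is a simplified assumption about PIX behaviour, not a transcript of it.

```python
import struct
from ipaddress import IPv4Address

# Statics from the thread as (real interface, mapped IP, real IP, dns keyword given).
STATICS = [("inside", "123.123.123.1", "192.168.123.1", True),
           ("inside", "123.123.123.2", "192.168.123.2", True)]

def build_dns_reply(qname, addr, txid=0x1234):
    """Minimal DNS reply with a single A record (constructed sample, not a capture)."""
    labels = b"".join(bytes([len(l)]) + l.encode() for l in qname.rstrip(".").split("."))
    question = labels + b"\x00" + struct.pack(">HH", 1, 1)       # QTYPE A, QCLASS IN
    answer = b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4)    # name ptr, A, IN, TTL, rdlen
    header = struct.pack(">HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # response, 1 question, 1 answer
    return header + question + answer + IPv4Address(addr).packed

def _skip_name(pkt, off):
    """Offset just past a DNS name, honouring compression pointers."""
    while pkt[off] != 0:
        if (pkt[off] & 0xC0) == 0xC0:
            return off + 2
        off += 1 + pkt[off]
    return off + 1

def _a_rdata_offsets(pkt):
    """Yield the rdata offset of every A record in the answer section."""
    qdcount, ancount = struct.unpack(">HH", pkt[4:8])
    off = 12
    for _ in range(qdcount):
        off = _skip_name(pkt, off) + 4                            # skip QTYPE/QCLASS
    for _ in range(ancount):
        off = _skip_name(pkt, off)
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", pkt[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            yield off
        off += rdlen

def answer_addresses(pkt):
    return [str(IPv4Address(pkt[o:o + 4])) for o in _a_rdata_offsets(pkt)]

def doctor_reply(pkt, statics, client_iface):
    """Rewrite A records as a static with the dns keyword does: each mapped IP in a reply
    from the outside becomes the real IP when the client sits on the static's real interface."""
    out = bytearray(pkt)
    for off in _a_rdata_offsets(pkt):
        mapped = str(IPv4Address(pkt[off:off + 4]))
        for real_if, mapped_ip, real_ip, has_dns in statics:
            if has_dns and mapped_ip == mapped and real_if == client_iface:
                out[off:off + 4] = IPv4Address(real_ip).packed
    return bytes(out)
```

Without the dns keyword the reply passes through unchanged, so the inside client gets the external address and then tries to reach it through the outside interface, which is the failure the original post describes.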

jforbis
Level 1

Take a look at the alias command.

I am having this EXACT same problem. I was about to start my own thread on it, but I'll jump in on this one. So, if I try to add something similar to:

static (inside,outside) 123.123.123.1 192.168.123.1 dns

static (inside,outside) 123.123.123.2 192.168.123.2 dns

(with my own IPs, of course) will this fix the problem we are describing and still allow normal mail to go through to external mail servers, or will this fix our problem and create a different one? Both mail servers are working fine right now except for the fact that they can't send mail to each other. I just want to make sure I'm not fixing one thing and breaking another with your suggestion. As you suggested earlier, my only DNS server is the one from the co-location site, not my own server.

--pete

I am having the same problem as well, except our problem is with people who use laptops and work from the office and home. When they come to the office, they have to change their mail server to the internal address, and when they go home they have to change it back to the external address. I know this doesn't seem like that much of a hassle, but I get complaints about it all the time. We have an internal DNS Server, but the DNS server with records pointing to the external IP address of the mail server is, of course, outside the network. Would this DNS fix work in my situation? Any other ideas?

I tried adding an alias so that DNS requests coming from an external DNS server for the mail server would be changed to the internal address of the mail server:

alias (inside) Mailers1 Mailers-ext 255.255.255.255

Mailers1 is the internal IP address and Mailers-ext is the external IP address as defined by the name command.

I still get the external address when I try to ping it from inside, though. I flushed the DNS cache on my PC and cleared the DNS cache on our internal DNS server. Any ideas?

I've heard that alias commands have been known to screw up existing access list rules. Is this something I saw on old pix versions and fixed now?

The alias command will no longer be supported in version 7.0. Cisco recommends the use of the dns statement in the static for doing that tweaking for internal users to access the servers in the DMZ.

PIX OS will be released in about 2 or 3 months.

sincerely

Patrick

Update: I've changed my static routes to the following and unfortunately I still cannot access the webserver by domain name from the inside or dmz.

static (dmz,outside) 70.x.x.100 web1 netmask 255.255.255.255 0 0 dns

static (dmz,outside) 70.x.x.101 web2 netmask 255.255.255.255 0 0 dns

Am I missing something? Also, is the "dns" I added supposed to show in the config lines when I do a "show config"? Because it doesn't.

--pete

One more update: I figured out that I had typed in those commands wrong and that the "dns" was supposed to go before "netmask", i.e.

static (dmz,outside) 70.x.x.100 web1 dns netmask 255.255.255.255 0 0

It now shows up correctly in the config, but it still didn't work! The URL is still pointing to the outside address. Do I add another translation, but reversing the 2 addresses? i.e.

static (dmz,outside) web1 70.x.x.100 dns netmask 255.255.255.255 0 0
