Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
803
Views
0
Helpful
8
Replies

dns on pix

rpalacio
Level 1
Level 1

‎11-19-2005 04:09 AM - edited ‎02-21-2020 12:32 AM

dns_inside----pix-----user

dns is at the inside subnet

user is on the dmz

domain controller on the inside subnet

observations;

1. with nat (inside) 0 0 , the user could logon to the domain, but couldnt brouse any machine on the inside.

2. with nat (inside) 1 0 0 , user couldnt logon to the domain controller. static command is invoke with the ff detail

static (inside, dmz) 10.2.2.10 10.1.1.10

10.1.1.10 is the dns

10.2.2.10 is the outside mapped ip

ping from user to 10.2.2.10 is ok.

10.2.2.10 is configured as dns on windows user.

why cant i have dns service if am using nat?

Without nat, why cant i browse the inside network? i could find a computer on the inside using the computer name, thus dns is doing his job. I just cant browse.

anyone here could help me pls..

thanks a lot.

0 Helpful
8 Replies 8

nkhawaja
Cisco Employee
Cisco Employee

‎11-19-2005 11:28 AM

hi,

the rule of translation requies you to have static translation if you want connection from dmz to inside.

so you have to use static translation or nat 0 with access-list

thanks

Nadeem

0 Helpful

rpalacio
Level 1
Level 1
In response to nkhawaja

‎11-19-2005 12:22 PM

ive done that, thats why i was able to login to the domain controller inside from a user on the DMZ.

0 Helpful

nkhawaja
Cisco Employee
Cisco Employee
In response to rpalacio

‎11-20-2005 05:55 AM

so what is your question/issue?

0 Helpful

rpalacio
Level 1
Level 1
In response to nkhawaja

‎11-20-2005 12:20 PM

the issue is i cant browse the inside network from the dmz...

inside is where servers are.

dmz is where users are.

0 Helpful

nkhawaja
Cisco Employee
Cisco Employee

‎11-20-2005 04:09 PM

browsing the servers means? you cant connect via http or via windows network share etc.

in either case, you need to have an Access-list applied on the dmz interface to allow the desired traffic to reach the inside from dmz

0 Helpful

rpalacio
Level 1
Level 1
In response to nkhawaja

‎11-20-2005 08:09 PM

i cant see any macine on the inside from the network neighborhood. But if i do a search on the machine thru their computer names, it works.

0 Helpful

nkhawaja
Cisco Employee
Cisco Employee

‎11-21-2005 01:33 PM

may be it requires WINS setting. or the necessary ports to be opened.

0 Helpful

rpalacio
Level 1
Level 1
In response to nkhawaja

‎11-21-2005 11:15 PM

hello,

It was able to browse the network even by just having a DNS. Server IPs must not be translated between inside and dmz though i still have to invoke the static command.

I dont know but its just taking a lot of time to for the pix to discover the network.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card