Re: PIX 506E route/NAT question

erikcpelletier · ‎01-26-2005

I have a relatively new to using PIX and I have a PIX 506E with two interfaces (inside, outside). I have several statics setup to map private IP address to real IPs. I would like to be able to access the servers from the inside using the real IP. I've tried a combination of routes and other approaches without success.

Any direction would be helpful.

Thanks in advance,

Erik

turnbull · ‎01-26-2005

Hi Erik,

You are not going to be able to communicate with the servers on the inside network using the public ip addresses. They don't exist there as such.

You can configure the inside to communicate with the servers FQDN. Either through a HOSTS file entry or a DNS server. If the DNS server is hosted outside the PIX, a DNS fixup on the static will return the private ip address to the users allowing them to communicate with the servers.

Command ref:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/s.htm#wp1026694

Explanation of dns fixup

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/fixup.htm#wp1063720

The older ALIAS command

http://cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aee.shtml

Cheers,

Paul.

erikcpelletier · ‎01-27-2005

Hi Paul,

Thanks very much for your resposne. It was very helpful. That is exactly what I was trying to accomplish. I just didn't articulate it very well. I had already tried using a DNS fixup but I think I must have subnetted the alias command wrong.

I added a new alias for the range of IPs that this would affect and everything is working like a champ.

Thanks again,

Erik