cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1933
Views
0
Helpful
2
Replies

pix 515 6.0.1 with 3 interfaces

ytalibi
Level 1
Level 1

i have a DNS server on DMZ, i want inside users to ping DNS server with his public address

2 Replies 2

metin
Level 1
Level 1

You have to do static NAT inside to DMZ and conduit commands required.

jekrauss
Level 1
Level 1

If your DNS server on the DMZ has a static to the outside, then you are trying to send a packet through the outside interface, then turn back around and come back in the outside interface.

This is essentially a redirect, which the ASA (rule engine) of the PIX will not permit. You should be able to reach the dns server using the private ip address or by domain name if using the alias command.

If you are not using a static for your DNS server, and it is dual-homed, then it should work fine (kind of defeats the purpose of the PIX though).

HTH

Jeff

Review Cisco Networking for a $25 gift card