PIX 520: Inside to DMZ using public IP's

jeasley
Level 1

Hello,

I have a web server and a nameserver on my DMZ and need to allow all users from inside the private network to access the company's web using its domain name, which will be resolved to a public IP by the nameserver on the DMZ.

Here is a sample:

nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz1 security10
ip address outside 206.139.48.2 255.255.255.248
ip address inside 192.168.11.249 255.255.255.0
ip address dmz1 10.10.76.254 255.255.255.0
static (dmz1,outside) 206.139.48.3 10.10.76.11 netmask 255.255.255.255 0 0
static (dmz1,outside) 206.139.48.4 10.10.76.12 netmask 255.255.255.255 0 0

Right now I can access everything using the 10.10.76.x addresses, but it fails when using the public IPs. Is this an access-list issue? I would assume that since 206.139.48.x is a directly connected network to the PIX that there would be no issue such as this.

Thanks in advance for any help.

Jim

1 Reply

jshakyan
Cisco Employee

Jim,

If you want to configure your internal hosts to use the public IP addresses of the web and DNS servers, you need to configure the "alias" command on the inside interface. In your case it will be:

alias (inside) 206.139.48.3 10.10.76.11 255.255.255.255
alias (inside) 206.139.48.4 10.10.76.12 255.255.255.255

These entries will cause the PIX firewall to do DNAT (destination NAT).

For more details check out the following link.

http://www.cisco.com/warp/public/110/alias.html#dmz

Joseph Shakyan
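
As an added example (not part of either post, and not Cisco code): a small Python helper that reads the static (dmz1,outside) entries from a PIX configuration and prints the matching alias (inside) lines, using the argument order shown in the reply above. The function name alias_lines and its parameters are hypothetical, and the sample configuration is constructed from the lines in the question.

```python
import re

# Constructed sample input, built from the configuration lines in the question.
SAMPLE_CONFIG = """\
nameif ethernet2 dmz1 security10
ip address dmz1 10.10.76.254 255.255.255.0
static (dmz1,outside) 206.139.48.3 10.10.76.11 netmask 255.255.255.255 0 0
static (dmz1,outside) 206.139.48.4 10.10.76.12 netmask 255.255.255.255 0 0
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

# Form used on this page:
#   static (real_if,mapped_if) mapped_ip real_ip netmask mask [extra fields]
STATIC_RE = re.compile(
    rf"^static\s+\((?P<real_if>[^,\s]+),(?P<mapped_if>[^)\s]+)\)\s+"
    rf"(?P<mapped_ip>{IPV4})\s+(?P<real_ip>{IPV4})\s+netmask\s+(?P<mask>{IPV4})"
)


def alias_lines(config, client_if="inside", server_if="dmz1", public_if="outside"):
    """Return one alias command per static that publishes a server_if host
    on public_if, in the argument order used in the reply above.

    Lines that are not statics, statics for another interface pair, and
    statics without an explicit netmask are skipped rather than guessed at.
    """
    out = []
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if m is None:
            continue
        if (m["real_if"], m["mapped_if"]) != (server_if, public_if):
            continue
        out.append(
            f"alias ({client_if}) {m['mapped_ip']} {m['real_ip']} {m['mask']}"
        )
    return out


if __name__ == "__main__":
    print("\n".join(alias_lines(SAMPLE_CONFIG)))
```

Review the generated lines against the running configuration before pasting them into the firewall; the helper only mirrors existing static entries and does not check access-lists.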
