
PIX 520 with 3 ports, version 6.0(1)

xiao0809
Level 1

The web server is in the DMZ zone, but inside users can't access the web server. I tried to use the alias command to solve this problem.

alias (inside) 192.168.1.252 211.99.175.50

After doing so, when I ping our domain name I can see the domain name is translated from the global IP address 211.99.175.50 to the DMZ IP address 192.168.1.252, which indicates the alias works well.

But at this time, the NAT didn't work well: the PIX directs the traffic to the outside port. Using the debug icmp trace command, I can see the following result:

ICMP reques:192.168.10.10>211.99.175.60>192.168.1.252

I have been trying to use the "SYSOPT NOPROXYARP" command, but it doesn't seem to work well.

I also tried adding a static MAC address to the ARP table; it also didn't resolve this problem. By the way, after adding the alias command, I used the "show arp" command to check the ARP table. There isn't any MAC address associated with my alias address.

I have tried all kinds of methods to solve this problem. I need your help.

Thanks a lot!

1 Reply

metin
Level 1

Hello,

You should enter the static PAT command for inside to DMZ.

For example, the IP address of the DMZ interface is 10.20.1.1 255.255.255.0 and the IP address of the inside interface is 10.10.1.1 255.255.255.0.

Enter these commands:

global (dmz) 1 10.20.1.29 netmask 255.255.255.255

nat (inside) 1 10.10.0.0 255.255.240.0 0 0

Packets from inside to DMZ will not go to the outside.
