Re: PIX 6.2 DNAT

ejaj · ‎05-28-2003

Hello

I am using pix 515 version 6.2. Going through 'static' command, I understood that, alias command is no more required to do DNATing, rather same can be done with word 'dns' in static command. So, I removed all alises and did this as following which didn't work. What is wrong.

static (custdmz,outside) 202.41.97.x 192.168.14.11 dns netmask 255.255.255.255 0 0

In version 5.2 I used aliases successfully. In ver 6.2, I am not using aliases command at all.

--ejaj

mhoda · ‎05-29-2003

Hi Ejaj,

pl. add one more line and execute "clear xlate" :

static (outside, custdmz) 202.41.97.x 192.168.14.11 dns

Thanks,

Mynul

chariley · ‎05-29-2003

How do you properly do this? Given:

alias (inside) 1.1.1.1 2.2.2.2 255.255.255.255

where 1.1.1.1 is the outside address

and 2.2.2.2 is the DMZ address

what is the equivilent static command?

static (inside, dmz) 2.2.2.2 1.1.1.1 dns

Do I need two entries, or will the one do?

mhoda · ‎05-30-2003

Hi,

Look like you want to do d-nat (not the dns doctoring), if thats the case, then the alias can be replaced by the following line:

static (dmz,inside) 1.1.1.1 2.2.2.2 outside

However, if you want to do the dns doctoring then this is what you need:

static (dmz, inside) 2.2.2.2 1.1.1.1 dns

Please make sure to execute the following if you want to do dns doctoring:

sysopt noproxyarp inside

Thanks,

Mynul

ejaj · ‎07-23-2003

Dear Hoda

Pl let me know If I am doing both d-nat and dns-doctoring on my pix, how to rewrite this.

--ejaj