Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
617
Views
0
Helpful
3
Replies

Pix 6.33 static dns command problem

mingchieh
Level 1
Level 1

‎09-07-2003 10:58 PM - edited ‎02-20-2020 10:58 PM

Hello!!

Recently , I upgrade my pix 515-ur from 6.1 to 6.33

I feel something wrong

this is my static command , it works fine on ver 6.1

static(inside,outside) tcp 123.123.123.123 domain 192.168.254.49 domain dns netmask 255.255.255.255

static(inside,outside) tcp 111.111.111.111 www 192.168.254.50

dns netmask 255.255.255.255

my dns server's real IP is 192.168.254.49

my web server's real IP is 192.168.254.50

When someone want access my web server , Pix will translate my Web server (192.168.254.50) to public IP (111.111.111.111)

everything is oK on ver 6.1 (do not need Alias command)

But when I upgrade to pix 6.33 ,

the static can not translate DNS name from 192.168.254.50 to 111.111.111.111, I will translate just 192.168.254.50, so outside user can not access my Web server

Why ??

I have key "clear xlate " serval times

0 Helpful
3 Replies 3

ovt
Level 4
Level 4

‎09-08-2003 12:11 AM

Hi!

Hystorically there are many bugs in the "DNS doctoring" functionality on PIX. As a possible workaround disable "port redirection" in the static (use entire IP address for your www server, rather than just port 80). If it doesn't help try to reconfigure static the other way round: "static (outside, inside) 192.168.254.50 111.111.111.111 dns". Also, check the DNS fixup: "fixup protocol dns". It should be turned on.

HTH

Oleg Tipisov,

REDCENTER,

Moscow

0 Helpful

bill.james
Level 1
Level 1
In response to ovt

‎09-08-2003 07:39 AM

I guess I have a similar problem with 6.2(3).

I'm configuring all our publicly accessible machines (for Web, Mail and DNS) on the DMZ, with static mappings to appropriate addresses on the inside and outside. Everything works except for DNS rewriting on the static mappings, which persists in offering the DMZ local addresses, rather than the corresponding inside or outside address.

I've tried reversing the static commands, and I have only the undocumented 'fixup protocol domain nn'.

Bill

0 Helpful

bill.james
Level 1
Level 1
In response to bill.james

‎09-12-2003 07:03 AM

To my delight, this was all working the following morning. 'clear xlate' was needed for the adding

of dns to the static definition to have immediate effect!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card