Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
626
Views
0
Helpful
7
Replies

PIX DNS resolution issue

sanjay.sangwan
Level 1
Level 1

‎06-05-2005 11:39 PM - edited ‎02-21-2020 12:11 AM

HI,

I am trying to login to active directory server on inside from an outside of a PIX.The server works as DNS also.Follwing IP address is mapped

static(inside,outside) 192.168.2.90 192.168.1.90

AD Server(DNS)= 192.168.1.90

When I am trying to access the DNS from outside on 192.168.2.90 , The internal DNS replies with the 192.168.1.90 as AD domain name and login fails.How can I get the NATED IP as the Domain IP from the DNS.

Sanjay

0 Helpful
7 Replies 7

johansens
Level 4
Level 4

‎06-06-2005 02:49 AM

Check this page:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aee.shtml

Maybe this config will work?

alias (outside) 192.168.2.90 192.168.1.90 255.255.255.255

sysopt noproxyarp outside

0 Helpful

sanjay.sangwan
Level 1
Level 1
In response to johansens

‎06-06-2005 08:36 PM

Thanx

I tried the above commands but the nslookup still shows the 192.168.1.90 (actual IP) and I am not through.

Sanjay

0 Helpful

a.alekseev
Level 7
Level 7

‎06-06-2005 08:56 PM

you can also try

static(inside,outside) 192.168.2.90 192.168.1.90 dns

clear xlate

0 Helpful

sanjay.sangwan
Level 1
Level 1
In response to a.alekseev

‎06-07-2005 02:26 AM

Hi ,

I had already tried this, I think this is an alternative to alias command in the newer versions.But it didn't work.I also tried to fiddle with the DNS entries.In forward lookup zone in Name server entries if am adding 192.168.2.90 as a second entry , I am able to join the domain from outside.But if I am restarting the server the entry goes off and it stops working.I couldnot understand whether it is a microsoft issue or PIX issue.

0 Helpful

leminhkhoi79
Level 1
Level 1
In response to sanjay.sangwan

‎06-24-2005 12:20 AM

Long time ago, i had the same problem, i asked a Microsoft technical, and I know that AD+DNS can not run with NAT on Pix.

you can try

static(inside,outside) 192.168.1.90 192.168.1.90

clear xlate

0 Helpful

sanjay.sangwan
Level 1
Level 1
In response to leminhkhoi79

‎06-24-2005 08:21 PM

I tried the following on the PIX and I am through

static(inside,outside) 192.168.2.90 192.168.1.90 dns

This command does DNS doctoring through NAT.

thanks

0 Helpful

jsalminen
Level 1
Level 1

‎07-07-2005 02:15 PM

Are you using a Windows 2003 DNS server? If so there is a known issue with DNS packet size and Windows 2003. To resolve you'll have to increase dns fixup on your pix to a larger packet size. Increasing the size of course requires 6.3 or greater Pix IOS.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card