alias command confusion....help please

mjsully
Level 1

I need some help with clarifying how to use the alias command on the PIX. In the Cisco documentation it states this is the command syntax:

alias [(if_name)] dnat_ip foreign_ip [netmask]

dnat_ip

An IP address on the internal network that provides an alternate IP address for the external address that is the same as an address on the internal network.

foreign_ip

IP address on the external network that has the same address as a host on the internal network.

if_name

The internal network interface name in which the foreign_ip overlaps.

Then it goes on to say:

You can also use this command to do address translation on a destination address. For example, if a host sends a packet to 209.165.201.1, you can use the alias command to redirect traffic to another address, such as, 209.165.201.30.

The first example says the dnat address is the address you want the outside address to be translated into. The second example seems to contradict that, or maybe I am reading it wrong.

Anyways, I'm confused on the use of the alias. I realize it has a benefit to do DNS doctoring, but other than that, when it comes to strictly translating, why not just use a static command to do this? I don't see why an alias is necessary at all? Can someone clarify? Thanks

1 Reply

rwcrowe
Level 1

The alias command is being phased out. Most functions are being replaced by the static command. Below is a scenario that explains what it was used for:

Company A hosts their webpage internally. They have a PIX as a firewall. They have a static so that the web page can be accessed externally. Company A does not have an internal DNS server though. So when someone internal types in http://www.CompanyA.com their query goes to their ISP's DNS server, but that DNS server returns the public IP (the static on the PIX). The PIX denies the traffic to the webserver as it sees the internal client's request going out the PIX and then back in to the public IP.

The alias command could be used in this scenario, i.e.,

alias (inside) internal_webserver_ip external_webserver_ip

With this command, if the PIX sees requests going out to the external IP it will redirect them to the internal IP. Hence the scenario above will allow the internal clients to access the internal webserver.
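
A small Python model of the DNS doctoring use mentioned in the question, applied to the scenario in the reply. It is an added illustration, not code from the thread or from Cisco: it only models rewriting the A record of a DNS reply from foreign_ip to dnat_ip, including the optional netmask form. The addresses, function names and the default interface name are assumptions.

```python
import ipaddress

def parse_alias(line):
    """Parse 'alias [(if_name)] dnat_ip foreign_ip [netmask]' into a rule."""
    parts = line.split()
    if not parts or parts[0] != "alias":
        raise ValueError(f"not an alias command: {line!r}")
    rest = parts[1:]
    if_name = "inside"  # assumed default when (if_name) is omitted
    if rest and rest[0].startswith("("):
        if_name = rest.pop(0).strip("()")
    if len(rest) not in (2, 3):
        raise ValueError(f"expected dnat_ip foreign_ip [netmask]: {line!r}")
    mask = rest[2] if len(rest) == 3 else "255.255.255.255"
    return {
        "if_name": if_name,
        "dnat": ipaddress.ip_network(f"{rest[0]}/{mask}", strict=False),
        "foreign": ipaddress.ip_network(f"{rest[1]}/{mask}", strict=False),
    }

def doctor_a_record(rule, answer_ip):
    """Rewrite one A-record address: foreign_ip -> dnat_ip, host bits kept."""
    ip = ipaddress.ip_address(answer_ip)
    if ip not in rule["foreign"]:
        return answer_ip  # not covered by this alias, passed through unchanged
    offset = int(ip) - int(rule["foreign"].network_address)
    return str(rule["dnat"].network_address + offset)

def doctor_reply(rules, answers):
    """Apply the first matching rule to each (name, ip) pair of a DNS reply."""
    out = []
    for name, ip in answers:
        for rule in rules:
            new_ip = doctor_a_record(rule, ip)
            if new_ip != ip:
                ip = new_ip
                break
        out.append((name, ip))
    return out

# Constructed sample: the ISP's DNS server answers with the public (static) IP.
SAMPLE_REPLY = [("www.CompanyA.com", "203.0.113.10"),
                ("www.example.net", "198.51.100.7")]

if __name__ == "__main__":
    rule = parse_alias("alias (inside) 192.168.1.10 203.0.113.10 255.255.255.255")
    for name, ip in doctor_reply([rule], SAMPLE_REPLY):
        print(name, ip)
```

In this model the internal client receives the internal address for www.CompanyA.com, so its connection never leaves and re-enters the firewall.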