Re: Alias command....?

dmox · ‎12-17-2004

I've got an internal web server that is configured correctly to accept clients that are on the Internet. However, no internal clients can connect successfully.

I've applied the command

Alias (inside) 10.x.x.26 xx.x.x.26 255.255.255.255

But it doens't work. I also get an error when logging in to the PDM "The Alias command is not supported with this version. Try using Outgoing NAt or bi-directional NAT instead."

Could someone point me to some documentation on how to use this command? I don't see anything in the Command reference on how to enable Outgoing NAT or Bi-Directional NAT.

Here's the relevant potion of my config. I've removed the Alias commands because they weren't working correctly:

access-list outside_access_in permit tcp any host xx.xx.xx.26 eq www

static (inside,outside) xx.xx.xx.26 10.xx.xx.26 netmask 255.255.255.255 0 0

access-group outside_access_in in interface outside

access-group inside_out in interface inside

sysopt connection permit-ipsec

sysopt connection permit-pptp

minoc · ‎12-17-2004

First,

If all internal clients get the public IP address instead of its internal IP add. when performing dns resolution, you need to change your static statement to:

static (inside,outside) x.x.x.26 10.x.x.26 dns netmask 255.255.255.255

This will do bi-directional NAT to client request from the inside. After doing this do not forget to perform:

clear xlate

and

clear arp

For the change to take effect.

Second,

If you have an internal DNS server make sure all records are configured correct and your internal clients are using this DNS server...

With an internal DNS server you do not need to change the static command...

Regards,

Carlos Roque

Office Of Management And Budget