03-16-2005 07:32 AM - edited 03-09-2019 10:39 AM
Hi,
I upgraded my PIX to ver 6.3.(4), PDM to 3.0 and now PDM doesn't support the alias command. It tells me to replace the alias command with outside NAT...
The reason I used alias was to replace the destination address for some traffic going from inside to DMZ, for example
alias (inside) 212.243.90.230 10.41.247.195 255.255.255.255
Which "nat outside" command should I use to have the alias command replaced???
Regards
Alain
P.S if i'm in the inside network, the dns resolution of a host in the DMZ is the outside IP, not the DMZ IP, that's why i do destination NAT from inside to dmz...
03-16-2005 07:27 PM
Replace the alias command (which is being deprecated) with the following:
static (dmz,inside) 212.243.90.230 10.41.247.195 netmask 255.255.255.255
Note the interface order (dmz,inside) is the reverse of the normal static. This says that if the PIX sees a packet on the inside interface destined for 212.243.90.230, change it to 10.41.247.195 and send it to the dmz interface. I think that's what you want going by your description.
03-16-2005 09:41 PM
Can you also do this on a PIX with only two interfaces? I use alias to perform dnat on PIX 501's where dns proxy is not an option.
would this work:
static(inside,inside) 212.243.90.230 10.41.247.195 netmask 255.255.255.255
:)
03-17-2005 02:49 PM
No it won't unfortunately. You can't destination NAT traffic back out to the same interface it came in on.
03-17-2005 04:23 PM
Currently you can with the alias command - why is cisco not supporting alias any more, PIX 501 needs it!
03-18-2005 12:45 AM
Thanks for your valuable input :-)
Do you maybe know how to do this in IOS?
Alain
03-18-2005 08:28 PM
lol - sorry Alain; try adding the "dns" key word to your static statements.
static (dmz,outside) 212.243.90.230 10.41.247.195 dns netmask 255.255.255.255
that should translate any dns "reply" passing through pix.
hope that input is more valuable ;)
03-18-2005 12:46 AM
Thanks for your valuable input :-)
Do you maybe know how to do this in IOS?
Alain
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide