Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
886
Views
0
Helpful
7
Replies

alias vs outside NAT ??

alain.bider
Level 1
Level 1

‎03-16-2005 07:32 AM - edited ‎03-09-2019 10:39 AM

Hi,

I upgraded my PIX to ver 6.3.(4), PDM to 3.0 and now PDM doesn't support the alias command. It tells me to replace the alias command with outside NAT...

The reason I used alias was to replace the destination address for some traffic going from inside to DMZ, for example

alias (inside) 212.243.90.230 10.41.247.195 255.255.255.255

Which "nat outside" command should I use to have the alias command replaced???

Regards

Alain

P.S if i'm in the inside network, the dns resolution of a host in the DMZ is the outside IP, not the DMZ IP, that's why i do destination NAT from inside to dmz...

Labels:
0 Helpful
7 Replies 7

gfullage
Cisco Employee
Cisco Employee

‎03-16-2005 07:27 PM

Replace the alias command (which is being deprecated) with the following:

static (dmz,inside) 212.243.90.230 10.41.247.195 netmask 255.255.255.255

Note the interface order (dmz,inside) is the reverse of the normal static. This says that if the PIX sees a packet on the inside interface destined for 212.243.90.230, change it to 10.41.247.195 and send it to the dmz interface. I think that's what you want going by your description.

0 Helpful

max.power
Level 1
Level 1
In response to gfullage

‎03-16-2005 09:41 PM

Can you also do this on a PIX with only two interfaces? I use alias to perform dnat on PIX 501's where dns proxy is not an option.

would this work:

static(inside,inside) 212.243.90.230 10.41.247.195 netmask 255.255.255.255

:)

0 Helpful

gfullage
Cisco Employee
Cisco Employee
In response to max.power

‎03-17-2005 02:49 PM

No it won't unfortunately. You can't destination NAT traffic back out to the same interface it came in on.

0 Helpful

max.power
Level 1
Level 1
In response to gfullage

‎03-17-2005 04:23 PM

Currently you can with the alias command - why is cisco not supporting alias any more, PIX 501 needs it!

0 Helpful

alain.bider
Level 1
Level 1
In response to gfullage

‎03-18-2005 12:45 AM

Thanks for your valuable input :-)

Do you maybe know how to do this in IOS?

Alain

0 Helpful

max.power
Level 1
Level 1
In response to alain.bider

‎03-18-2005 08:28 PM

lol - sorry Alain; try adding the "dns" key word to your static statements.

static (dmz,outside) 212.243.90.230 10.41.247.195 dns netmask 255.255.255.255

that should translate any dns "reply" passing through pix.

hope that input is more valuable ;)

0 Helpful

alain.bider
Level 1
Level 1
In response to gfullage

‎03-18-2005 12:46 AM

Thanks for your valuable input :-)

Do you maybe know how to do this in IOS?

Alain

0 Helpful
Customers Also Viewed These Support Documents