02-17-2005 09:00 AM - edited 03-09-2019 10:22 AM
Hi,
I have some external partner users who need to access the Internet via my internal network. I will configure a PIX to put the external users on the outside and my network on the inside. The Internet access connection will be initiated from the outside interface of the PIX. I will enable the DHCP server on the outside interface. However, I don't want the external users to see our DNS server address. How should I configure the PIX to achieve this goal? Thanks!
02-17-2005 01:03 PM
Hello,
This cannot be done on the PIX right now. A connection initiated from outside cannot go back through the same interface, since PIX OS currently doesn't support ICMP redirect. PIX OS 7.0 will support this. Or you can move the Internet router to another DMZ instead of having it on the outside interface.
Hope this helps.
Raj
02-18-2005 07:08 PM
Hi Raj,
I am sorry for confusing you. Below is what I am trying to do.
External User (192.168.1.2) <---> Outside Int. (192.168.1.1) [PIX] Inside Int. (192.168.2.2) <---> DNS Server (192.168.2.1)
My config on the PIX:
------------------------------------------------
dhcpd address 192.168.1.2-192.168.1.33 outside
dhcpd dns 192.168.1.34
dhcpd lease 3000
dhcpd enable outside
fixup protocol dns maximum-length 512
static (inside,outside) 192.168.1.34 192.168.2.1
access-list dns_test permit udp any host 192.168.1.34 eq 53
access-group dns_test in interface outside
----------------------------------------------
Could you help double-check whether the config is correct in concept to achieve the goal, that is, to enable the external users to use the DNS service and hide the internal DNS server from external users?
Thanks!
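The consistency the question asks about can be checked mechanically. The following is an added example, not part of the original thread or any Cisco tool: it verifies only that the posted lines agree with each other (advertised DNS address, static translation, outside ACL, DHCP pool), not whether a given PIX OS release supports the design. The function name `audit_dns_hiding` is hypothetical.

```python
import ipaddress
import re

# The configuration posted in the thread, embedded as sample input.
PIX_CONFIG = """\
dhcpd address 192.168.1.2-192.168.1.33 outside
dhcpd dns 192.168.1.34
dhcpd lease 3000
dhcpd enable outside
fixup protocol dns maximum-length 512
static (inside,outside) 192.168.1.34 192.168.2.1
access-list dns_test permit udp any host 192.168.1.34 eq 53
access-group dns_test in interface outside
"""

def audit_dns_hiding(config):
    """Return a list of findings; an empty list means the pieces line up."""
    findings = []
    # "dhcpd dns" may carry one or two addresses on the same line.
    dns = [a for line in re.findall(r"^dhcpd dns (.+)$", config, re.M)
           for a in line.split()]
    pool = re.search(r"^dhcpd address (\S+)-(\S+) outside", config, re.M)
    # static (inside,outside) <mapped> <real>  ->  {mapped: real}
    statics = dict(re.findall(
        r"^static \(inside,outside\) (\S+) (\S+)", config, re.M))
    bound = re.findall(
        r"^access-group (\S+) in interface outside", config, re.M)
    permits = re.findall(
        r"^access-list (\S+) permit udp any host (\S+) eq (?:53|domain)",
        config, re.M)
    if not dns:
        findings.append("no 'dhcpd dns' line: clients get no DNS server")
    for addr in dns:
        if addr in statics.values():
            findings.append(f"{addr}: DHCP hands out the real server address")
        elif addr not in statics:
            findings.append(f"{addr}: no static translation for this address")
        if not any(name in bound and host == addr for name, host in permits):
            findings.append(f"{addr}: no outside ACL permits udp/53 to it")
        if pool:
            lo, hi, ip = (ipaddress.ip_address(x)
                          for x in (*pool.groups(), addr))
            if lo <= ip <= hi:
                findings.append(f"{addr}: inside the DHCP pool, may be leased")
    return findings

if __name__ == "__main__":
    for finding in audit_dns_hiding(PIX_CONFIG) or ["no inconsistencies found"]:
        print(finding)
```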