10-26-2003 05:10 AM - edited 03-09-2019 05:17 AM
I have a need to allow users on the inside interface access to a web server in the dmz using the global address. I used the "alias" command. The relevant config lines I put are as follows:
static(dmz,outside) 205.242.218.70 172.22.1.11 netmask 255.255.255.255 0 0
alias (inside) 205.242.218.70 172.22.1.11 255.255.255.0
I am able to ping the web server from inside using both internal and global address of the web server. But PDM ver 3.0 does not support the "alias" command and suggests using "Outside NAT". I have looked at the concept of outside NAT and don't think it will work for this scenario. Can someone help with the syntax of the outside NAT statement to achieve the same results or any other way of doing this? Thanks.
10-26-2003 05:29 AM
Hi,
PDM does not support the alias command. We are trying to phase this command out as we have seen that it causes too many problems. All functions of the alias command are now supported with other options. In your case, you want to use destination NAT. For your scenario, add the following static in PDM:
static (dmz, inside) 205.242.218.70 172.22.1.11 netmask 255.255.255.255 0 0
** Note that the interfaces are reversed (lower security, higher security) from what you would normally do. This forces the PIX to destination NAT the packets, so packets received for 205.242.218.70 on the inside interface will be sent to 172.22.1.11 on the dmz interface.
Good luck,
Scott
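An added example, not part of the reply above or of any Cisco tool: a small Python check that finds `alias` commands in a saved PIX config and proposes the reversed-interface static described in the reply. It assumes the alias argument order used in this thread (interface, global address, real address, mask); `suggest_statics` and the sample config are constructed for illustration.

```python
import re

# Constructed sample config, using the commands and addresses quoted in the thread.
SAMPLE_CONFIG = """\
static (dmz,outside) 205.242.218.70 172.22.1.11 netmask 255.255.255.255 0 0
alias (inside) 205.242.218.70 172.22.1.11 255.255.255.0
"""

STATIC_RE = re.compile(
    r"^static\s*\(\s*(\w+)\s*,\s*(\w+)\s*\)\s+(\S+)\s+(\S+)\s+netmask\s+(\S+)")
ALIAS_RE = re.compile(r"^alias\s*\(\s*(\w+)\s*\)\s+(\S+)\s+(\S+)\s+(\S+)")


def suggest_statics(config_text):
    """Return (alias_line, suggested_static or None) for each alias command.

    Assumption: alias arguments are ordered as in the thread,
    (client interface) global_ip real_ip mask.
    """
    statics = {}  # (global_ip, real_ip) -> interface the real host sits behind
    aliases = []
    for raw in config_text.splitlines():
        line = raw.strip()
        m = STATIC_RE.match(line)
        if m:
            real_if, _mapped_if, global_ip, real_ip, _mask = m.groups()
            statics.setdefault((global_ip, real_ip), real_if)
            continue
        m = ALIAS_RE.match(line)
        if m:
            aliases.append((line, m.groups()))
    results = []
    for line, (client_if, global_ip, real_ip, _mask) in aliases:
        real_if = statics.get((global_ip, real_ip))
        if real_if is None or real_if == client_if:
            # No static shows where the server lives: needs manual review.
            results.append((line, None))
            continue
        # Host netmask and trailing "0 0" follow the static given in the reply.
        results.append((line, f"static ({real_if},{client_if}) {global_ip} "
                              f"{real_ip} netmask 255.255.255.255 0 0"))
    return results


if __name__ == "__main__":
    for alias_line, static_line in suggest_statics(SAMPLE_CONFIG):
        print(alias_line, "->", static_line or "no matching static, review manually")
```

An alias with no matching static for the same address pair is returned with `None`, since the config alone does not say which interface the server is behind.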
10-26-2003 09:47 AM
Thanks for your help. I added the command you suggested and it works fine.
thiru
10-26-2003 09:50 AM
I forgot to mention the very quick response from you - a matter of hours - and on a Sunday too!
Go CISCO!!! Thanks again.
thiru