PDM issues with ALIAS command

trvenkatesan · ‎10-26-2003

I have a need to allow users on the inside interface access to a web server in the dmz using the global address. I used the "alias" command. The relevant config lines I put are as follows:

static(dmz,outside) 205.242.218.70 172.22.1.11 netmask 255.255.255.255 0 0

alias (inside) 205.242.218.70 172.22.1.11 255.255.255.0

I am able to ping the web server from inside using both internal and global address of the web server. But PDM ver 3.0 does not support the "alias" command and suggests using "Outside NAT". I have looked at the concept of outside NAT and don't think it will work for this scenario. Can someone help with the syntax of the outside NAT statement to achieve the same results or any other way of doing this? Thanks.

scoclayton · ‎10-26-2003

Hi,

PDM does not support the alias command. We are trying to phase this command out as we have seen that it causes too many problems. All functions of the alias command are now supported with other options. In your case, you want to use destination NAT. For your scenerio, add the following static in PDM:

static (dmz, inside) 205.242.218.70 172.22.1.11 netmask 255.255.255.255 0 0

** note that the interfaces are reversed (lower security, higher security) than what you would normally do. This forces the PIX to destination NAT the packets so packets received for 205.242.218.70 on the inside interface will be sent to 172.22.1.11 on the dmz interface.

Good luck,

Scott

trvenkatesan · ‎10-26-2003

Thanks for your help. I added the command you suggested and it works fine.

thiru

trvenkatesan · ‎10-26-2003

I forgot to mention about the very quick response from you - matter of hours- that too on a Sunday !

Go CISCO !!!. Thanks again.

thiru