07-15-2001 02:38 AM - edited 03-08-2019 08:28 PM
I have a PIX 520 with 3 ports. In the DMZ there is a web server. I use the static command to allow outside users to access the web server. To allow inside users to access the web server correctly, I use the alias command to resolve the domain name to the DMZ IP address 192.168.1.253.
The question is: when I use the alias command to resolve the domain name, it works well; the domain IP address isn't the global IP address 211.99.175.50.
But the inside users can't access the web server.
At this time, if I ping 192.168.1.253, the PIX NATs it to the outside pool, but if I ping 192.168.1.252 etc., the PIX NATs it to the DMZ.
If I don't use the alias command, when I ping 192.168.1.253, the PIX NATs it to the DMZ, which is correct, but, you know, the inside users can't access the web server correctly at this time.
What can I do? I need your help.
Duzaidong, Thanks
07-18-2001 10:49 AM
This is because the alias command does two things: it fixes up the DNS packet and changes the destination address. The workaround is to reverse the IP addresses in the alias statement. I think there's a new sysopt command that works too. Look at this for details: http://www.cisco.com/warp/customer/110/top_issues/pix/issue_alias.html
10-08-2001 08:46 PM
I am in the same case and my commands are:
alias (inside) web-public-ip web-private-ip 255.255.255.255
sysopt nodnsalias inbound
It works. The internal users can access the web by domain name. However, the PIX firewall hangs very often and needs to be rebooted. Do any of you experience this, and what's the solution? I have tried 5.3.1 and 6.0.1.
11-14-2001 04:35 AM
Check out Bug ID: CSCdu74759
6.0.1 introduced a problem with alias after a fix for a previous bug.
The workaround is to disable proxy ARP on internal interfaces with the "sysopt noproxyarp" command.