Solved: static translations and dns

tjmaurin · ‎03-05-2003

I have a web server on my dmz. Computers on the dmz can not access it by name. The problem is that the DNS returns the outside (real) ip. I need the dmz to translate it into a local ip. I am using the PDM so I am not using aliases. Any help would be appreciated.

shannong · ‎03-05-2003

You can do this with the [static] commands and the "dns" option.

static (dmz,outside) 123.123.123.123 192.168.1.1 dns netmask 255.255.255.255 [the dns keyword tells the pix to do DNS doctoring for this translation because DNS resolves to the public IP]

static (dmz,inside) 123.123.123.123 192.168.1.1 netmask 255.255.255.255 [allows internal hosts to connect to the public IP found in DNS and translates it to the private IP on the way to the DMZ]

Make sure to do a [clear xlate] after the changes.

If you're running below 6.2, you'll have to do some form of [alias] on the Pix.

View solution in original post

shannong · ‎03-05-2003

You can do this with the [static] commands and the "dns" option.

static (dmz,outside) 123.123.123.123 192.168.1.1 dns netmask 255.255.255.255 [the dns keyword tells the pix to do DNS doctoring for this translation because DNS resolves to the public IP]

static (dmz,inside) 123.123.123.123 192.168.1.1 netmask 255.255.255.255 [allows internal hosts to connect to the public IP found in DNS and translates it to the private IP on the way to the DMZ]

Make sure to do a [clear xlate] after the changes.

If you're running below 6.2, you'll have to do some form of [alias] on the Pix.