Re: The alias command...

adrians · ‎06-05-2001

I have a pix 515 with 6 interfaces (three of which are currently used). The second and third interfaces use private addresses in the 192.168.1/24 and 192.168.0/24 address ranges. The servers behind the third interface have their IP's statically mapped to real IP's in the address space of the outside interface. I want to be able to bring up a web site on a server using it's real IP address from a machine behind interface 2 (i.e. not have to set up a new DNS server with the private IP address for every server behind interface 3...50-odd domains). I was eyeballing the "alias" command. but initial messing around was unsuccesful. Am I looking in the right direction?

s-doyle · ‎06-08-2001

Yes, alias is one way to do this. Look at http://www.cisco.com/warp/public/110/pixfaq.shtml#Q15 and http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/config/commands.htm#xtocid22335 Read carefully the command reference for notes on doing this on the DMZ and remember, the PIX can only spoof the DNS packet if the DNS request transverses the PIX so you can’t have your DNS server inside (It will have to be on one of the DMZ’s or outside.

adrians · ‎06-11-2001

This is the same text as in the Configuration Guide, which I guess I'll read through again...I must be overlooking something. (DNS servers are on intf2 (Production) and machines requiring resolution are on intf1 (inside), so I'll have to scrutinize my previous attempt).