Solved: Using 'Alias' vs 'Outside NAT'?

rsinghnyc · ‎05-10-2006

Greetings,

I recently started with a company that has a PIX 515. I upgraded the IOS from 6.1(1)to 6.3(5), and installed PDM 3.04.

When I try to run the PIX via PDM, it prompts with "PDM does not support the 'Alias' Command in your configuration..You should migrate to the newer "Outside NAT" feature (aka Bi-Directional NAT).

Here are my statements regarding 'Alias'. Can anyone please provide insight/examples on how to migrate these statements?

alias (inside) x.x.x.x y.y.y.y 255.255.255.255

alias (dmz) x.x.x.x y.y.y.y 255.255.255.255

static (inside,outside) tcp x.x.x.x www y.y.y.y www netmask 255.255.255.255 0 0

static (inside,outside) tcp x.x.x.x citrix-ica y.y.y.y citrix-ica netmask 255.255.255.255 0 0

static (dmz,outside) tcp x.x.x.x https y.y.y.y https netmask 255.255.255.255 0 0

static (dmz,outside) tcp x.x.x.x ftp y.y.y.y ftp netmask 255.255.255.255 0 0

static (inside,outside) tcp x.x.x.x smtp y.y.y.y smtp netmask 255.255.255.255 0 0

static (inside,outside) tcp x.x.x.x www y.y.y.y www netmask 255.255.255.255 0 0

static (inside,outside) tcp x.x.x.x citrix-ica y.y.y.y citrix-ica netmask 255.255.255.255 0 0

static (inside,outside) tcp x.x.x.x 81 y.y.y.y netmask 255.255.255.255 0 0

static (inside,dmz) x.x.x.x y.y.y.y netmask 255.255.255.0 0 0

static (inside,outside) x.x.x.x y.y.y.y netmask 255.255.255.255 0 0

Fernando_Meza · ‎05-10-2006

Hi .. Alias command is used for translation of IPs that overlap .. for example if you have a remote site using 192.168.0.1 and you also have your internal LAN using the same range, then you could make 192.168.0.1 appear to your LAN as a different IP address .. in this case 10.10.10.10

alias (inside) 10.10.10.10 192.168.0.1 255.255.255.255

You could also use Alias to redirect traffic to a different address. This translates the destination IP.

In your config it seems like

alias (inside) x.x.x.x y.y.y.y 255.255.255.255

alias (dmz) x.x.x.x y.y.y.y 255.255.255.255

they have been already configured by using

static (inside,dmz) x.x.x.x y.y.y.y netmask 255.255.255.0 0 0

static (inside,outside) x.x.x.x y.y.y.y netmask 255.255.255.255 0 0

An so .. I suggest you to remove them .. then type in clear xlate ( this will interrupt your current connections for a few seconds ) .. and then test to make sure everything is OK and finally save the changes wr mem.

I hope it helps .. please rate it if it does !!! ..

View solution in original post

Fernando_Meza · ‎05-10-2006

Hi .. Alias command is used for translation of IPs that overlap .. for example if you have a remote site using 192.168.0.1 and you also have your internal LAN using the same range, then you could make 192.168.0.1 appear to your LAN as a different IP address .. in this case 10.10.10.10

alias (inside) 10.10.10.10 192.168.0.1 255.255.255.255

You could also use Alias to redirect traffic to a different address. This translates the destination IP.

In your config it seems like

alias (inside) x.x.x.x y.y.y.y 255.255.255.255

alias (dmz) x.x.x.x y.y.y.y 255.255.255.255

they have been already configured by using

static (inside,dmz) x.x.x.x y.y.y.y netmask 255.255.255.0 0 0

static (inside,outside) x.x.x.x y.y.y.y netmask 255.255.255.255 0 0

An so .. I suggest you to remove them .. then type in clear xlate ( this will interrupt your current connections for a few seconds ) .. and then test to make sure everything is OK and finally save the changes wr mem.

I hope it helps .. please rate it if it does !!! ..