
PIX DMZ contains both outside DNS and e-mail server, doesn't work.

mismtk2007
Level 1

I have a pair of failover Pix 515e running software (8.02) and I have 6 interfaces. Outside, inside, inside2, DMZ1, DMZ2, failover.

DMZ2 contains our external DNS server that services DNS requests for our domain and several clients' domains that we host. We recently moved a client's dedicated server to DMZ2 and now DNS doesn't work between that server and our DNS server because they are always looking to route to the external IP but they are on the same switch and interface of the Pix.

What I need to know is how can I either route the traffic so it doesn't try to go out and back in or some solution for servicing DNS requests to outside and locally differently. Any help is greatly appreciated.

16 Replies

What did you end up doing?

I entered:

same-security-traffic permit intra-interface

and then I tweaked the ACLs and NAT rules accordingly and it is working for everything except DNS. But the DNS is not being dropped due to an ACL but rather this inspection error.
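As an added illustration, not the poster's configuration, this is how the hairpin plus same-interface static NAT with DNS rewrite is usually written on PIX 8.0 software. The interface name DMZ2 comes from the thread; the addresses (203.0.113.0/24 as the public range, 172.16.2.0/24 as the DMZ2 range) and the host roles are placeholders, and the thread does not confirm that this resolves the inspection drop the poster describes.

```text
! Let traffic enter and leave the same interface (hairpinning)
same-security-traffic permit intra-interface

! Placeholder addresses: 203.0.113.5 / 172.16.2.5 = external DNS server,
! 203.0.113.10 / 172.16.2.10 = the client's dedicated server.
! A static between DMZ2 and itself translates hairpinned packets sent to the
! public address back to the real host; the "dns" keyword additionally
! rewrites A records in DNS replies that cross this translation, so a DMZ2
! host resolving a hosted name receives the DMZ2 address instead of the
! public one.
static (DMZ2,DMZ2) 203.0.113.5 172.16.2.5 netmask 255.255.255.255 dns
static (DMZ2,DMZ2) 203.0.113.10 172.16.2.10 netmask 255.255.255.255 dns

! The existing statics toward the outside stay as they are, e.g.
static (DMZ2,outside) 203.0.113.5 172.16.2.5 netmask 255.255.255.255 dns

! DNS inspection has to be applied for the A-record rewrite to take place.
! message-length maximum 512 is the default; replies larger than this are
! dropped by the inspection engine.
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
service-policy global_policy global

! Checks: confirm the translations exist, that DNS inspection counts
! packets, and whether the firewall is dropping them and with which reason
show xlate | include 172.16.2.
show service-policy inspect dns
show asp drop
```

A common reason DNS inspection drops replies is the default 512-byte message-length limit; since the thread does not say which drop the poster saw, read the counters from `show asp drop` and `show service-policy inspect dns` before raising it.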