who can tell me alias command's function
topology like this:
inside lan ------pix---- outside internet
lan ip : 192.168.1.0
lan server ip : 192.168.1.100
outside ip : 18.104.22.168
outside server ip : 22.214.171.124
somebody tell me the alias can achieve functions like below:
rewrite the DNS packet's address with inside address
when my inside host 192.168.1.2 want to access the inside server's web pages.
the inside host enter "http://www.alias.com" into the IE address bar.
and he will get the DNS answer of 126.96.36.199,that address is the inside server's nat outside address in fact.
if we don't use alias command,we will not get 188.8.131.52's web pages.
using alias,the 184.108.40.206 will be rewrite to 192.168.1.100.
my question is , if alias can only change the DNS's reply?
if alias can help us,when we type url "220.127.116.11" directly from our IE address bar ?
Not sure if the command in question is for the PIX or regular IOS.
For regular IOS, please see:
Hi, leave it to cisco to bring confusion to a simple command like alias. The CLI connamd line alias is a way to reduce your key strokes when entering commands by CLI, 2 the alias command for the PIX can change the DNS response read the document below. Hope thi sis helpful.
This document explains the use of the alias command on the Cisco Secure PIX Firewall.
The alias command has two functions:
You can use the alias command to perform DNS Doctoring of DNS replies from an external DNS server.
In DNS Doctoring, the PIX changes the DNS response from a DNS server to be a different IP address than the DNS server actually answered for a given name.
This process is used when you want the actual application call from the internal client to connect to an internal server by its internal IP address.
You can use this command to perform Destination NAT (dnat) of one destination IP address to another IP address.
In dnat, the PIX changes the destination IP of an application call from one IP address to another IP address.
This process is used when you want the actual application call from the internal client to the server in a perimeter (dmz) network by its external IP address. This does not "doctor" the DNS replies.
For example, if a host sends a packet to 18.104.22.168, you can use the alias command to redirect traffic to another address, such as 10.10.10.10. You can also use this command to prevent conflicts when you have IP addresses on a network that are the same as those on the Internet or another intranet. Consult the PIX documentation for more information