Showing results for 
Search instead for 
Did you mean: 

question about alias command

who can tell me alias command's function

topology like this:

inside lan ------pix---- outside internet

lan ip :

lan server ip :

outside ip :

outside server ip :

somebody tell me the alias can achieve functions like below:

rewrite the DNS packet's address with inside address

when my inside host want to access the inside server's web pages.

the inside host enter "" into the IE address bar.

and he will get the DNS answer of,that address is the inside server's nat outside address in fact.

if we don't use alias command,we will not get's web pages.

using alias,the will be rewrite to

my question is , if alias can only change the DNS's reply?

if alias can help us,when we type url "" directly from our IE address bar ?

Hall of Fame Mentor

Re: question about alias command

Not sure if the command in question is for the PIX or regular IOS.

For regular IOS, please see:


Re: question about alias command

Hi, leave it to cisco to bring confusion to a simple command like alias. The CLI connamd line alias is a way to reduce your key strokes when entering commands by CLI, 2 the alias command for the PIX can change the DNS response read the document below. Hope thi sis helpful.


This document explains the use of the alias command on the Cisco Secure PIX Firewall.

The alias command has two functions:

You can use the alias command to perform DNS Doctoring of DNS replies from an external DNS server.

In DNS Doctoring, the PIX changes the DNS response from a DNS server to be a different IP address than the DNS server actually answered for a given name.

This process is used when you want the actual application call from the internal client to connect to an internal server by its internal IP address.

You can use this command to perform Destination NAT (dnat) of one destination IP address to another IP address.

In dnat, the PIX changes the destination IP of an application call from one IP address to another IP address.

This process is used when you want the actual application call from the internal client to the server in a perimeter (dmz) network by its external IP address. This does not "doctor" the DNS replies.

For example, if a host sends a packet to, you can use the alias command to redirect traffic to another address, such as You can also use this command to prevent conflicts when you have IP addresses on a network that are the same as those on the Internet or another intranet. Consult the PIX documentation for more information

CreatePlease to create content
Content for Community-Ad