Smart questions
Smart answers
Smart people
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Member Login
Remember Me
Forgot Password?
Join Us!

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips now!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
Join Tek-Tips
*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

LINK TO THIS FORUM!

Add Stickiness To Your Site By Linking To This Professionally Managed Technical Forum.
Just copy and paste the
code below into your site.

Tek-Tips LinkedIn® Group

Partner With Us!

"Best Of Breed" Forums Add Stickiness To Your Site
Partner Button
(Download This Button Today!)

Feedback

"...At last there is indeed a website/forum that deals with professional and serious matters. Keep up with the good work!!"
More...

Geography

Where in the world do Tek-Tips members come from?
Click Here To Find Out!

Tek-Tips Shirts!

Get Tek-Tips Swag
Get your
Tek-Tips Forums
SWAG here!
Home > Forums > MIS/IT > Security Solutions > Cisco Systems: PIX Firewall > FAQs

Cisco Systems: PIX Firewall FAQ

Pix Hints and Tricks

I can't access my DMZ server via its OUTSIDE address - ALIAS / NAT OUTSIDE?
faq35-6266
Posted: 28 Mar 06 (Edited 28 Mar 06)

THE SCENARIO:

I have a LAN with lots of PCs which can access the INTERNET (INSIDE) 10.0.0.0/16
I have a web server on the DMZ (10.1.0.50) which is translated to 62.136.0.50 on the OUTSIDE

The WORLD can access 62.136.0.50 with NO problems

The INSIDE machines can access 10.1.0.50 no with no problems.
The INSIDE machines CANNOT access 62.136.0.50

So what we`re saying here, is that the INSIDE cannot access a DMZ host that is translated to the OUTSIDE interface.

We need to find a way of getting 10.0.0.0/16 machines to access 62.136.0.50 by performing a translation, so that internal machines connecting to 62.136.0.50 are in fact redirected to 10.1.0.50




THE SOLUTION:

In Pix version earlier than 7.0 use the ALIAS command

ALIAS (inside) 62.136.0.50 10.1.0.50 255.255.255.255

                        or

ALIAS (inside) xx.xx.xx.xx  ii.ii.ii.ii  255.255.255.255
Where xx.xx.xx.xx is the EXTERNAL address  and ii.ii.ii.ii  is the address on the DMZ


In version 7.0 the ALIAS command was depreciated - while it still works OK in Version 7.0, Cisco ASDM doesn`t support the ALIAS command

In PIX 7.0 upwards we will use a STATIC command instead

STATIC (dmz,inside) 62.136.0.50  10.1.0.50  netmask 255.255.255.255

                       or

STATIC (dmz,inside)  xx.xx.xx.xx  ii.ii.ii.ii  netmask 255.255.255.255
Where xx.xx.xx.xx is the EXTERNAL address  and ii.ii.ii.ii  is the address on the DMZ

Back to Cisco Systems: PIX Firewall FAQ Index
Back to Cisco Systems: PIX Firewall Forum

My Archive
Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close