Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations sizbut on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

PIX 501 and Alias

Status
Not open for further replies.
stakano

stakano

MIS
May 19, 2002
14
CA
I have a PIX 501 with a server on the inside that is accessible from the outside with the routable IPonly, using the static command;

static (inside,outside) <outside IP> 192.168.0.101 netmask 255.255.255.255 0 0

There are inside users that also need to access this internal server using the same routable IP. I have played with the alias commands to no avail.

I have tried
- alias (inside) <outside IP> 192.168.0.101 and also reversing them and no luck

Can anybody help?
 
Sort by date Sort by votes
maybe a silly question but where is the dns server that the client is pointing to? Is it an ISP's or hosted internally ? Jeff
 
Upvote 0 Downvote
The DNS is external.

The only difference is that to access this server from the outside, it is IP only and not by hostname.

The idea is that it is using DNAT (Destination NAT), but it doesn't seem to work.
 
Upvote 0 Downvote
Should work as follows:


alias (inside) <inside IP> <Outside IP> 255.255.255.255

Also make sure proxy-arp is disabled

sysopt noproxyarp <internal interface>

What version of PIX OS are you running?
 
Upvote 0 Downvote
Users aren't trying to use the extrenal address. They need to use the internal address and they do not have an internal DNS server.

I have used the alias command in several of my installs without issues. Do you have specifics on why you don't like the command?



 
Upvote 0 Downvote
The alias command is problematic especially in a 2 interfaces pix environment.
If one does not disable proxy-arp, it can block the traffic to the server private ip address.
It will not help much in the situation above because if the traffic is destined to the registered ip of the server, then no matter what - if it goes to the pix (default gateway), the pix won't pass it back to the server on same interface.

If you have a scenario with 3 interfaces or more, then alias may be more usefull, but this is not the case here.
If you need to use DNS FQDN names, then alias may also help if configured properly, but as described by the &quot;Stakano&quot; this is not the case here.

Bye
Yizhar Hurwitz
 
Upvote 0 Downvote
I am running 6.3.1 now.. I was using 6.2.2 for a while.

mtashiro, can you explain how you got this to work? Was it on a 501 box?

I still can't seem to get it to work...
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
761
Sameer258
Sameer258
Tommy_T
  • Locked
  • Question
Sonic wall - Have an issue remotely connectioning VNC and SMB (and AFP) to one of the 2 ISP circuits
Replies
1
Views
565
nnaarrnn
nnaarrnn
Nitta84
  • Locked
  • Question
navigation slow and tcp syc/ack drop
Replies
0
Views
487
Nitta84
Nitta84
xwray
  • Locked
  • Question
PIX 501 DHCP Server function
Replies
0
Views
114
xwray
xwray
brownmab53
  • Locked
  • Question
PIX 525 ASA not allowing DHCP addresses to pass through to router
Replies
0
Views
157
brownmab53
brownmab53

Part and Inventory Search

Sponsor

Back
Top