From: Chuck Church (cchurch@optonline.net)
Date: Fri Nov 15 2002 - 11:58:23 GMT-3
What do you mean the DNS requests come through unNATed? You mean they're
received by the 3rd party unNATed (source address is your internal), or
the replies you get from the DNS server contain "unNATed" information?
Chuck Church
CCIE #8776, MCNE, MCSE
----- Original Message -----
From: <djtowns@webtribe.net>
To: "Stong, Ian C [GMG]" <Ian.C.Stong@mail.sprint.com>;
<ccielab@groupstudy.com>
Sent: Friday, November 15, 2002 9:15 AM
Subject: RE: DNS Lookups using PIX 6.2.2
> We have a bunch of PCs on our inside network, they access an
> external company via a PIX 525 firewall running 6.2.2 software.
>
> There is now a requirement for the PCs to perform DNS lookups
> to the 3rd party company's DNS server sat off the outside
> interface.
>
> The problem is that we need to be able to use a global pool of
> addresses to cut down on the number of required inside addresses
> to satisfy the DNS lookups.
>
>
> PC ---- PIX ------ DNS Server
> Inside outside
>
> I was expecting the following config to work - but it doesn't !!
>
> global (inside) 2 10.1.1.1-10.1.1.63 netmask 255.255.255.192
> nat (outside) 2 0.0.0.0 0.0.0.0 dns outside
>
> requests still come through un nat'ed
>
> Help !!!!!
>
> >Haven't done it - but am curious what specifically you are
> >trying to do?
> >Looks interesting and something I'd like to try - once I
> >understand what it means :)
> >
> >
> >-----Original Message-----
> >From: djtowns@webtribe.net [mailto:djtowns@webtribe.net]
> >Sent: Friday, November 15, 2002 7:36 AM
> >To: ccielab@groupstudy.com
> >Subject: DNS Lookups using PIX 6.2.2
> >
> >
> >Has anybody had any experience on configuring a PIX to NAT DNS
> >queries from an outside DNS server to an inside range.
> >
> >I can get this working using static :
> >
> >static (inside,outside) 10.1.1.0 204.12.8.0 dns netmask
> >255.255.255.0 0 0
> >
> >however I need to get this working using the Global and NAT
> >commands to save on addressing space, has anyone had any
> >success with this ???
> >
> >Thanks
> >
> >Dyls