From: miken (miken@sisna.com)
Date: Sat Jul 30 2005 - 12:21:56 GMT-3
Hello Wing
If you have customers that like to use PIX's PDM gui interface for
configurations, the alias command is not supported. In that case it is best
to use "dns" in your static command. This form of DNS doctoring replaces the
legacy alias command. If you are having trouble with your CLI configurations
Wing, I recommend trying the PDM. There is a radio button for DNS doctoring
in the translation configuration tab. Then you can use CLI to see what it
should look like.
HTH
MikeN
----- Original Message -----
From: "Chris" <clarson52@comcast.net>
To: "'Wing Lam'" <wing.lam@jossynergy.com>; <ccielab@groupstudy.com>
Sent: Saturday, July 30, 2005 6:50 AM
Subject: RE: Can PIX 6.3 achieve this?
> Straight from CCO. You could easily replace these IP addresses with the IP
> addresses you are using and as long as your static and NAT or PAT is
> correct, it will work.
>
> If you want the machine with the IP address 10.10.10.25 to access this web
> server by its domain name, implement the alias command as shown in this
> output:
>
> alias (inside) 10.10.10.10 99.99.99.99 255.255.255.255
>
> !--- This command sets up DNS Doctoring. It is initiated from the clients
in
> !--- the "inside" network. It watches for DNS replies that contain
> !--- 99.99.99.99. Then it replaces the 99.99.99.99 address with the
> 10.10.10.10
> !--- address in the "DNS reply" sent to the client PC.
>
>
>
> So yours would look like this -
>
> alias (inside) 10.0.0.1 210.1.1.1 255.255.255.255
>
> Couldn't be simpler. You just got to read the link I sent you.
>
>
> --------------------------------------------------
>
> Christopher Larson CCIE#12380, PMP
> Superior Technology Networks Corp
> www.supertechnetworks.com - Consulting Services
>
>
> --------------------------------------------------
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Wing
> Lam
> Sent: Wednesday, July 27, 2005 10:21 PM
> To: ccielab@groupstudy.com
> Subject: Can PIX 6.3 achieve this?
>
> Dear Group;
>
> -----internal 10.0.0.1-----[PIX]----external 210.1.1.1--------
>
> I have a internal PC 10.1.1.2 and server 10.1.1.1 and external IP is
> 210.1.1.1.
>
> I have configured port forwarding for 210.1.1.1 SMTP forward to internal
> server 10.1.1.1, it works for any PC in outside
>
> But the internal PC 10.1.1.2 cannot get a success SMTP connection to the
> external IP port 25 (i.e. telnet 210.1.1.1 25 from 10.1.1.2).
>
> Just want to confirm whether this is possible in 6.3? how about 7.0?
>
> Thanks,
> BBD
>
> ______________________________________________________________________
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email
> ______________________________________________________________________
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:00:32 GMT-3