RE: Can PIX 6.3 achieve this?

From: Wing Lam (wing.lam@jossynergy.com)
Date: Sun Jul 31 2005 - 22:23:33 GMT-3

• Next message: Wing Lam: "RE: Can PIX 6.3 achieve this?"
• Previous message: Vishal Patel: "RE: Used Routers"
• Maybe in reply to: Wing Lam: "Can PIX 6.3 achieve this?"
• Next in thread: Wing Lam: "RE: Can PIX 6.3 achieve this?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I tested that it's not working.

I think this command only alter the DNS reply, but it will not translate
and packet that getting through the PIX.

Do you all agree?

Thanks,
BBD

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Chris
Sent: Saturday, July 30, 2005 8:51 PM
To: Wing Lam; ccielab@groupstudy.com
Subject: RE: Can PIX 6.3 achieve this?

Straight from CCO. You could easily replace these IP addresses with the
IP addresses you are using and as long as your static and NAT or PAT is
correct, it will work.

If you want the machine with the IP address 10.10.10.25 to access this
web server by its domain name, implement the alias command as shown in
this
output:

alias (inside) 10.10.10.10 99.99.99.99 255.255.255.255

!--- This command sets up DNS Doctoring. It is initiated from the
clients in
!--- the "inside" network. It watches for DNS replies that contain
!--- 99.99.99.99. Then it replaces the 99.99.99.99 address with the
10.10.10.10
!--- address in the "DNS reply" sent to the client PC.

So yours would look like this -

alias (inside) 10.0.0.1 210.1.1.1 255.255.255.255

Couldn't be simpler. You just got to read the link I sent you.

--------------------------------------------------

Christopher Larson CCIE#12380, PMP
Superior Technology Networks Corp
www.supertechnetworks.com - Consulting Services

--------------------------------------------------

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Wing
Lam
Sent: Wednesday, July 27, 2005 10:21 PM
To: ccielab@groupstudy.com
Subject: Can PIX 6.3 achieve this?

Dear Group;

-----internal 10.0.0.1-----[PIX]----external 210.1.1.1--------

I have a internal PC 10.1.1.2 and server 10.1.1.1 and external IP is
210.1.1.1.

I have configured port forwarding for 210.1.1.1 SMTP forward to internal
server 10.1.1.1, it works for any PC in outside

But the internal PC 10.1.1.2 cannot get a success SMTP connection to the
external IP port 25 (i.e. telnet 210.1.1.1 25 from 10.1.1.2).

Just want to confirm whether this is possible in 6.3? how about 7.0?

Thanks,
BBD

• Next message: Wing Lam: "RE: Can PIX 6.3 achieve this?"
• Previous message: Vishal Patel: "RE: Used Routers"
• Maybe in reply to: Wing Lam: "Can PIX 6.3 achieve this?"
• Next in thread: Wing Lam: "RE: Can PIX 6.3 achieve this?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:00:32 GMT-3