I'm in the early stages of sorting out my new PIX 515UR installation, and 
have a query about the alias command. According to the documentation this 
can be used to get the PIX to modify DNS response packets to swap 
addresses. At the moment I am using my public DNS servers for outside 
users to resolve hostnames for my public servers (as I have for 4 years), and 
I'm using the hosts files on my NT servers so that they can talk to each other 
(I can't get the PIX to allow servers in my DMZ to connect to other servers in 
my DMZ using their outside static mapped addresses, which would have 
made my life easier).

What I thought I could do so that I can use the same DNS servers for the 
outside and for the DMZ is to use DMZ addresses in the DNS files and get 
the PIX to modify the results for requests from outside by using the alias 
command. But I can't get it to work - either the DMZ address is sent out 
unmodified, or in the reverse use the lookup fails completely!

I have got the alias command to work for my internal users so that DMZ 
servers can be accessed via their outside addresses. It would appear that 
the aliasing only works for requests from a higher security interface, but the 
documentation doesn't mention this. I'm using v4.4 software at the moment, 
but I do have a v5 upgrade coming soon. Will v5 work the way I want it to?

I don't want to run a DNS just for my DMZ hosts. All DMZ hosts are publicly 
accessible (mail, web, etc.), and my internal users use the same DNS 
servers for resolving external hosts. Internal host resolution is done using a 
WINS server on the inside of my PIX, so there's no need for me to set up 
internal addresses on the DMZ DNS servers.

Dan

---
D.C. Crichton                 email: [EMAIL PROTECTED]
Senior Systems Analyst        tel:   +44 (0)121 706 6000
Computer Manuals Ltd.         fax:   +44 (0)121 606 0477

Computer book info on the web:
   http://computer-manuals.co.uk/
Want to earn money? Join our affiliate scheme!
   http://computer-manuals.co.uk/affiliate/