I'm in the early stages of sorting out my new PIX 515UR installation, and have a query about the alias command. According to the documentation this can be used to get the PIX to modify DNS response packets to swap addresses.

At the moment I am using my public DNS servers for outside users to resolve hostnames for my public servers (as I have for 4 years), and I'm using the hosts files on my NT servers so that they can talk to each other (I can't get the PIX to allow servers in my DMZ to connect to other servers in my DMZ using their outside static mapped addresses, which would have made my life easier).

What I thought I could do so that I can use the same DNS servers for the outside and for the DMZ is to use DMZ addresses in the DNS files and get the PIX to modify the results for requests from outside by using the alias command. But I can't get it to work - either the DMZ address is sent out unmodified, or in the reverse use the lookup fails completely!

I have got the alias command to work for my internal users so that DMZ servers can be accessed via their outside addresses. It would appear that the aliasing only works for requests from a higher security interface, but the documentation doesn't mention this.

I'm using v4.4 software at the moment, but I do have a v5 upgrade coming soon. Will v5 work the way I want it to?

I don't want to run a DNS just for my DMZ hosts. All DMZ hosts are publicly accessible (mail, web, etc.), and my internal users use the same DNS servers for resolving external hosts. Internal host resolution is done using a WINS server on the inside of my PIX, so there's no need for me to set up internal addresses on the DMZ DNS servers.

Dan

---
D.C. Crichton            email: [EMAIL PROTECTED]
Senior Systems Analyst   tel: +44 (0)121 706 6000
Computer Manuals Ltd.    fax: +44 (0)121 606 0477
Computer book info on the web: http://computer-manuals.co.uk/
Want to earn money? Join our affiliate scheme! http://computer-manuals.co.uk/affiliate/
