Hi! I have finally got my NAT working on the PIX 501. This is the set-up:
192.168.1.100 = WWW server
85.226.xx.xxx = outside interface
I cannot access any of the WWW server pages from inside the LAN using my domain name (I use host headers), but with my old Netgear this was possible, so I guess the 501 can be configured for this. The question is how?
You probably have a 'static' for the port forwarding. Add the 'dns' keyword to it, assuming your DNS server is external.
If your DNS server is internal and it is handing out the public IP addresses, then change it to hand out the private IP address and add that 'dns' keyword to the static.
I don't understand you fully. The port forwarding is by "static", yes. How do I add the dns keyword? I'm configuring this Cisco at home to learn about it and I've just started out.
I use my ISP's DNS server so it's external. Will that work? In the worst case I can set up my HTTP server as DNS if it won't work otherwise?
0) connect to the PIX CLI and 'enable' and give the appropriate password
1) command 'show static'
2) find the one that has the port you want forwarded
3) in configuration mode, use the command 'no' followed by the exact existing static command found in (2)
4) in configuration mode, re-enter the same static command found in (2), except that just before the two numbers at the end (the max connections and embryonic limit) insert the keyword 'dns'
5) in configuration mode, command 'clear xlate'
6) test
7) when you are satisfied, command 'write memory' to save to boot memory
(Note: the 'static' documentation implies that the dns keyword only works for outgoing translation -- but if that were the case then there would be no equivalent to the operation of the deprecated 'alias' command.)
Done precisely this a moment ago, it doesn't work. I'll try setting up a local DNS which points my domain to the local IP, that way local requests will go to the LAN and outside requests should still be routed through the PIX correctly?
This is now confirmed not working. I set up a local DNS server for my domain and pointed it to my server's LAN IP which worked. The site is still accessible from the outside!