Going in the same door I went out?

Hi! I have finally got my NAT working on the PIX 501. This is the set-up:

192.168.1.100 = WWW server
85.226.xx.xxx = outside interface

I cannot access any of the www server pages from inside the LAN using my domain name (I use host headers), but with my old Netgear this was possible, so I guess the 501 can be configured for this. The question is how?

Cheers MS

Reply to
maciekish

You probably have a 'static' for the port forwarding. Add the 'dns' keyword to it, assuming your DNS server is external.

If your DNS server is internal and it is handing out the public IP addresses, then change it to hand out the private IP address and add that 'dns' keyword to the static.

Reply to
Walter Roberson

So what exactly is being done here? And I assume this will work on a 1811 router?

I have a similar problem.

Reply to
bthetford

I don't understand you fully. The port forwarding is by "static", yes. How do I add the dns keyword? I'm configuring this Cisco at home to learn about it and I've just started out.

I use my ISP's DNS server, so it's external. Will that work? In the worst case I can set up my HTTP server as DNS if it won't work otherwise?

Thanks for helping out!

Reply to
maciekish

OK, I googled up that keyword, but just adding it to make this

static (inside,outside) tcp 85.226.42.102 www Mainframe www dns netmask 255.255.255.255 0 0

won't help me much, huh? Well, it doesn't, and I'm guessing I'm missing something more =/

Reply to
maciekish

0) connect to the PIX CLI and 'enable' and give the appropriate password
1) command 'show static'
2) find the one that has the port you want forwarded
3) in configuration mode, use the command 'no' followed by the exact existing static command found in (2)
4) in configuration mode, reenter the same static command found in (2), except that just before the two numbers at the end (the max connections and embryonic limit) insert the keyword 'dns'
5) in configuration mode, command 'clear xlate'
6) test
7) when you are satisfied, command 'write memory' to save to boot memory

For example,

static (inside,outside) tcp interface www INTERNALIP www netmask 255.255.255.255 dns 0 0

As far as I know.

(Note: the 'static' documentation implies that the dns keyword only works for outgoing translation -- but if that were the case then there would be no equivalent to the operation of the deprecated 'alias' command.)

Reply to
Walter Roberson

Done precisely this a moment ago, it doesn't work. I'll try setting up a local DNS which points my domain to the local IP, that way local requests will go to the LAN and outside requests should still be routed through the PIX correctly?

Reply to
maciekish

This is now confirmed not working. I set up a local DNS server for my domain and pointed it to my server's LAN IP, which worked. The site is still accessible from the outside!

Reply to
maciekish
