PIX 501 DNS Alias on interface for static IPs while port fowarding and DHCP?


I've spent about 10 hours configing my PIX 501 today. I haven't had much experience with networking but so far have managed to reset the lost password (via TFTP server and password reset bin file) and got PPPOE with DHCP for the external interface running after setting my DSL router up as a bridge and also bridging through a motorola VOIP device.

OK this is where I run into trouble:

windows XP boxes using DHCP resolve DNS fine windows XP boxes using static IPs can't resolve DNS when the DNS IP is pointed to the PIX.

I need to run some static IPs for port forwarding but want the DNS to resolve for the static IP addresses as well.

Can anyone point me to PIX config(s) option(s) which will

1) allow DHCP with DNS to function (note: this is already working but I wish it to remain in working order) 2) for static IP addresses: allow DNS to resolve by entering the PIX internal interface address 3) allow port-forwarding to a static IP addresses

Thanks in advance, wonk

Reply to
Loading thread data ...

ok 6 hours more and still can't get this to work.

new details:

1) removed VOIP device from network. 2) changed DSL router back to router mode with PPOE BRIDGE and NAT for PIX IP address (Had it working in full bridge mode) 3) PIX handles PPPOE login 4) got DNS working for both static and DHCP by hardcoding the static ones

STILL can't get port forwarding to work at all :(

running version 6.3(1) reset to factory config and used the following commands

access-list inbound permit icmp any any access-list inbound permit tcp any any eq www

access-group inbound in interface outside static (inside,outside) tcp interface www www netmask

the 203 address is a box with a port 80 application running.

tried a port-scan website and two friends in two different countries and the port is still not open. can someone offer some insight? It should not be this hard to forward a port, something is wrong?

Reply to

the pix 501 makes a great paperweight :p

Reply to

Well, nobody replied to any of my requests for help but as usual, life responds to those who help themselves. Got it all working through persistance. For future reference if anyone is searching usenet for a similar issue I will post the resolution here.

Main problem: when the PIX is set up for DHCP, STATIC IPs are unable to use DNS soltion: (since none better were posted) use STATIC DNS entires on STATIC IPs, do not piont at the PIX inside interface for DNS as it will not reslove them.

Secondary problem: Even if everything else is working port forwarding only works if you use a cross-over patch cable instead of a straight through cable. I had swiched mine to a straight through cable somewhere along the line in all my troubleshooting attempts. Switching back to a cross-over patch cable allowed port forwarding to work.

Was a cable issuse.

Reply to

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.