Using the Static Command for DNS Rewrite; Using the Alias Command for DNS Rewrite; Configuring DNS Rewrite with Two NAT Zones - Cisco PIX 500 Series Configuration Manual

Security appliance command line

DNS Inspection
For detailed syntax and additional functions for the alias, nat, and static commands, see the appropriate
command page in the Cisco Security Appliance Command Reference.

Using the Static Command for DNS Rewrite

The static command causes addresses on an IP network residing on a specific interface to be translated
into addresses on another IP network on a different interface. The syntax for this command is as follows:
hostname(config)# static (real_ifc,mapped_ifc) mapped-address real-address dns
The following example specifies that the address 192.168.100.10 on the inside interface is translated into
209.165.200.5 on the outside interface:
hostname(config)# static (inside,outside) 209.165.200.225 192.168.100.10 dns
Note
Using the nat command is similar to using the static command except that DNS Rewrite is based on
dynamic translation instead of a static mapping.

Using the Alias Command for DNS Rewrite

The alias command causes the security appliance to translate addresses on an IP network residing on any
interface into addresses on another IP network connected through a different interface. The syntax for
this command is as follows:
hostname(config)# alias (interface_name) mapped-address real-address
The following example specifies that the real address (192.168.100.10) on any interface except the inside
interface will be translated to the mapped address (209.165.200.225) on the inside interface. Notice that
the location of 192.168.100.10 is not precisely defined.
hostname(config)# alias (inside) 209.165.200.225 192.168.100.10
Note
If you use the alias command to configure DNS Rewrite, proxy ARP will be performed for the mapped
address. To prevent this, disable Proxy ARP by entering the sysopt noproxyarp command after entering
the alias command.

Configuring DNS Rewrite with Two NAT Zones

To implement a DNS Rewrite scenario similar to the one shown in Figure 25-1, perform the following
steps:
Step 1  Create a static translation for the web server, as follows:
hostname(config)# static (real_ifc,mapped_ifc) mapped-address real-address netmask 255.255.255.255 dns
where the arguments are as follows:

Cisco Security Appliance Command Line Configuration Guide, OL-12172-03
Chapter 25, Configuring Application Layer Protocol Inspection
Configuring DNS Rewrite with Two NAT Zones
DNS Rewrite with Three NAT Zones
Configuring DNS Rewrite with Three NAT Zones

This manual is also suitable for:

ASA 5500 series