Configuring DNS Rewrite; Using the Alias Command for DNS Rewrite; Using the Static Command for DNS Rewrite - Cisco 7604 Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide Using the CLI

DNS Inspection

Configuring DNS Rewrite

You configure DNS Rewrite using the alias, static, or nat commands. The alias and static commands can
be used interchangeably; however, we recommend using the static command for new deployments
because it is more precise and unambiguous. Also, DNS Rewrite is optional when using the static
command.
This section describes how to use the alias and static commands to configure DNS Rewrite. It provides
configuration procedures for using the static command in a simple scenario and in a more complex
scenario. Using the nat command is similar to using the static command except that DNS Rewrite is
based on dynamic translation instead of a static mapping.
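This section includes the following topics:
Using the Alias Command for DNS Rewrite
Using the Static Command for DNS Rewrite
Configuring DNS Rewrite with Two NAT Zones
DNS Rewrite with Three NAT Zones
Configuring DNS Rewrite with Three NAT Zones
For detailed syntax and additional functions for the alias, nat, and static commands, see the appropriate
command page in the Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services
Module Command Reference.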

Using the Alias Command for DNS Rewrite

The alias command causes the FWSM to translate addresses on an IP network residing on any interface
into addresses on another IP network connected through a different interface. The syntax for this
command is as follows.
hostname(config)# alias (inside) mapped-address real-address
The following example specifies that the real address (192.168.100.10) on any interface except the inside
interface will be translated to the mapped address (209.165.200.225) on the inside interface. Notice that
the location of 192.168.100.10 is not precisely defined.
hostname(config)# alias (inside) 209.165.200.225 192.168.100.10
Note: If you use the alias command to configure DNS Rewrite, proxy ARP will be performed for the mapped
address. To prevent this, disable Proxy ARP by entering the sysopt noproxyarp internal_interface
command after entering the alias command.

Using the Static Command for DNS Rewrite

The static command causes addresses on an IP network residing on a specific interface to be translated
into addresses on another IP network on a different interface. The syntax for this command is as follows.
hostname(config)# static (inside,outside) mapped-address real-address dns
The following example specifies that the address 192.168.100.10 on the inside interface is translated into
209.165.201.5 on the outside interface:
hostname(config)# static (inside,outside) 209.165.200.225 192.168.100.10 dns
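The following audit script is an added example, not part of the Cisco guide. It checks a saved list of configuration commands against the two points made above for the alias and static commands: every alias line should be paired with a sysopt noproxyarp line for the same interface, and a static line performs DNS Rewrite only when it carries the dns keyword. The sample configuration, the dmz interface name, and the function name audit_dns_rewrite are constructed for illustration.

```python
import re

# Constructed sample input (not from a real device); the first two lines reuse
# the addresses from the examples above, the rest are made up.
SAMPLE_CONFIG = """\
hostname(config)# alias (inside) 209.165.200.225 192.168.100.10
hostname(config)# static (inside,outside) 209.165.200.225 192.168.100.10 dns
static (dmz,outside) 209.165.200.226 192.168.200.20
alias (dmz) 209.165.200.227 192.168.100.11
sysopt noproxyarp dmz
"""

PROMPT = re.compile(r"^\S+\(config\)#\s*")          # optional CLI prompt prefix
ALIAS = re.compile(r"^alias \(([^\s,)]+)\) (\S+) (\S+)")
STATIC = re.compile(r"^static \(([^\s,)]+),([^\s,)]+)\) (\S+) (\S+)(.*)$")
NOPROXY = re.compile(r"^sysopt noproxyarp (\S+)")


def audit_dns_rewrite(config_text):
    """Return a list of (line_no, severity, message) findings."""
    lines = [PROMPT.sub("", raw.strip()) for raw in config_text.splitlines()]
    # Interfaces on which proxy ARP has been disabled anywhere in the input.
    noproxy = {m.group(1) for m in map(NOPROXY.match, lines) if m}
    findings = []
    for n, line in enumerate(lines, 1):
        if (m := ALIAS.match(line)):
            ifc, mapped, real = m.groups()
            findings.append((n, "info",
                f"alias {real} -> {mapped}: static is recommended for new deployments"))
            if ifc not in noproxy:
                findings.append((n, "warn",
                    f"proxy ARP is performed for {mapped}: add 'sysopt noproxyarp {ifc}'"))
        elif (m := STATIC.match(line)):
            real_if, mapped_if, mapped, real, rest = m.groups()
            if "dns" not in rest.split():
                findings.append((n, "info",
                    f"static {real} -> {mapped}: no dns keyword, DNS Rewrite not enabled"))
    return findings


if __name__ == "__main__":
    for line_no, severity, message in audit_dns_rewrite(SAMPLE_CONFIG):
        print(f"line {line_no} [{severity}] {message}")
```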
Chapter 22, Applying Application Layer Protocol Inspection. Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM, OL-20748-01
