Richard- 
As I had said in my last post, in analyzing his syntax, it appears he's
trying to do Destination NAT and DNS Doctoring at the same time, for which
it obviously doesn't work.

I couldn't tell you if line 2 is auto-reversing what line 1 does by the
PIX's operating code, but you are correct that only one line is needed.
From what I gathered of the documentation, he also needed to do a second
Alias statement against the DMZ interface, or he needed to do a Static
statement utilizing the DNS keyword; example:
"static (dmz,outside) pub.lic.ip.addr dmz.host.ip.addr dns netmask
255.255.255.255 0 0"

I don't have a 3-interface pix to test these possible solutions on, so I
can't say for certain that I'm correct. :(

-Mark
-----Original Message-----
From: Richard Botham [mailto:[EMAIL PROTECTED] 
Sent: Monday, June 02, 2003 7:12 AM
To: [EMAIL PROTECTED]
Subject: RE: PIX Firewall 6.2.2 Inside network can not reac [7:69779]

Charles/Mark,

No infinite wisdom, I'm afraid - just my #0.2.

Is it because the statements below effectively do nothing, due to the fact
that statement 2 undoes what statement one has just done?
[or have I missed the point.]

1)alias (inside) SERVERA_DMZ SERVERA_OUTSIDE 255.255.255.255 
2)alias (inside) SERVERA_OUTSIDE SERVERA_DMZ 255.255.255.255 

I would have thought that you would only need statement one - why do you
need to reverse what you did in statement one for the hosts on the inside
net?

regards
Richard




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70004&t=69779