Re: Cisco Pix and Static routing

Sat, 18 Mar 2000 00:17:28 -0800 

Hi Diederick,

There are two ways to go about this.  One is to configure an additional DNS 
MX record with a low value, for your internal clients only.  This MX record 
would point to the actual address of the machine (10.x.x.3).  Other clients 
won't use that MX record, as the address is unreachable, and they will use 
the next higher preference record.

The other way is to use the alias command on the PIX.  I needed to read the 
documentation several times before I understood how the command works, and 
the behavior has changed depending on the version you are using.  So, check 
your manual for the version you are using, for the alias command syntax and 
usage.

Hope that helps,

Lisa Napier
Product Security Incident Response Team
Cisco Systems
http://www.cisco.com/warp/public/707/sec_incident_response.shtml

PGP:  A671 782D 2926 B489 F81A 3D5E B72F E407 B72C AF1F
ID: 0xB72CAF1F, DH/DSS 2048/1024

At 08:29 AM 03/18/2000 +0100, Diederick van Dijk wrote:
>Hi all,
>
>We use a Cisco Pix Firewall as the firewall of our DMZ. The Pix runs PIX IOS
>4.x. We have several static routes so that our servers (www, DNS, mail) can be
>reached at a 'real' internet address :
>
>- 193.79.xx.a 'static routes' to 10.x.x.1 (DNS)
>- 193.79.xx.b 'static routes' to 10.x.x.2 (WWW)
>- 193.79.xx.c 'static routes' to 10.x.x.3 (mail)
>
>Now we have the following problem. When we want the sent mail from f.e. the
>WWW server to our own domain (MX = 193.79.xx.c) it can't be done. All our
>mail goes first to our fallback mailhost, which is the mailhost of our 
>ISP, and
>this mailhost redirects is to 193.79.xx.c .  But we want it direct to
>193.79.xx.c. We have tried several things such as setting a route on the PIX
>but didn't succeed. Have anyone has any idea how to configure this ?
>
>Thanks,
>
>--
>
>------------------------------------------------------------------------------
>Diederick van Dijk
>Homepage: http://www.van-dijk.net
>Linux Documentation: http://cpqlin.van-dijk.net
>- Manager of Compaq And Linux Mailing List (see my homepage)
>   (subscribe at [EMAIL PROTECTED])
>- Paper about installing Red Hat on a Compaq with a Smart Array Controller
>- Mini-Howto Linux PPP to NT with MS Chap and callback
>------------------------------------------------------------------------------
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

Reply via email to