On 15 Nov 2001 at 10:11, Johnston Mark wrote: > Another thing to check is that you are actually connecting to the right IP > address .... this makes a difference if you use non-routable ip's in your > dmz. Lets say that you connect to www.test.com doing an nslookup might > reveal the legal ip (Eg. 193.76.90.21).... thats not going to work. To get > around that add an entry to your local hosts file or put the non-routeable > ip in your internal DNS server. (Eg. 192.168.1.23 www.test.com)
I'd already sent this suggestion to Fr�d�ric directly - you can use the alias command on the PIX to avoid having to run separate DNS or maintain host files on your user's machines. I've been using it here for over a year and it makes life really easy - my internal users can connect to my DMZ servers using their public IP addresses and the PIX does the address translation to pass the packets to the appropriate DMZ server, and neither machine needs any special configs. Dan --- D.C. Crichton email: [EMAIL PROTECTED] Senior Systems Analyst tel: +44 (0)121 706 6000 Computer Manuals Ltd. fax: +44 (0)121 606 0477 Computer book info on the web: http://computer-manuals.co.uk/ Want to earn money? Join our affiliate network! http://computer-manuals.co.uk/affiliate/ _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
