I've been playing a little with the Pix alias command today on a
two-interface Pix:

A customer was using the alias command to change the content of DNS replies
from the registered address to the real internal address of servers, so that
users on the local subnet went directly to servers on the same LAN.
This seemed to be working (the DNS side of it).

alias (inside)   255.255.255.255

Unfortunately the other use for the same alias command seemed to be screwing
this up. The other use allows destination NAT of the addresses within the
command.
Users trying to get to the internal server addresses were timing out
intermittently. This turned out to be because of the alias command, which
was making the Pix reply (proxy arp) and NAT the internal server address to
the new destination address (the registered address).

I asked the customer to apply 'sysopt noproxy inside' to turn off proxy arp
and the problem was cured. Took it off to confirm and problems returned.

I've also noticed the command 'sysopt nodnsalias' which seems to do
'roughly' the same thing (I think!!). Can anyone explain this command any
better than the couple of lines in the Pix command reference?

Also, anybody care to detail how they use the alias command for this sort of
thing? It seems to me that there are a few ways to use it (and I think even
more ways when servers are on the DMZ, so that DNS changes or NAT will do the
trick).

Thanks,

Gaz




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=37189&t=37189
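
A config check for the conflict described in the post, as an added example that is not part of the original message: it flags alias entries whose internal address is on the interface's own LAN while proxy ARP is still enabled there. The sample config and its addresses are constructed, the alias argument order (internal address first, registered address second) is assumed from the post's description, and the proxy ARP setting is matched in the documented form `sysopt noproxyarp <if_name>`.

```python
import ipaddress

# Constructed sample configuration; all addresses are documentation/private
# ranges chosen for this example, not values from the post.
SAMPLE_CONFIG = """\
ip address outside 203.0.113.1 255.255.255.0
ip address inside 192.168.10.1 255.255.255.0
alias (inside) 192.168.10.20 203.0.113.20 255.255.255.255
alias (inside) 172.16.5.9 203.0.113.30 255.255.255.255
"""


def audit_alias_proxy_arp(config):
    """Find alias entries whose internal address sits on the interface's own
    LAN while proxy ARP is still enabled on that interface."""
    subnets = {}        # interface name -> connected network
    no_proxy = set()    # interfaces with proxy ARP disabled
    aliases = []        # (interface, internal address, registered address)
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["ip", "address"] and len(tok) == 5:
            subnets[tok[2]] = ipaddress.ip_interface(f"{tok[3]}/{tok[4]}").network
        elif tok[:2] == ["sysopt", "noproxyarp"] and len(tok) == 3:
            no_proxy.add(tok[2])
        elif tok[:1] == ["alias"] and len(tok) >= 4 and tok[1].startswith("("):
            # Assumed order: alias (if_name) internal_ip registered_ip [mask]
            aliases.append((tok[1].strip("()"),
                            ipaddress.ip_address(tok[2]),
                            ipaddress.ip_address(tok[3])))
    findings = []
    for ifname, internal, registered in aliases:
        net = subnets.get(ifname)
        # Hosts on the same LAN ARP for the server directly, so a firewall
        # that also answers ARP for that address competes with the server.
        if net is not None and internal in net and ifname not in no_proxy:
            findings.append((ifname, str(internal), str(registered)))
    return findings


if __name__ == "__main__":
    for ifname, internal, registered in audit_alias_proxy_arp(SAMPLE_CONFIG):
        print(f"{ifname}: alias for {internal} -> {registered} is on the "
              f"connected LAN and proxy ARP is enabled")
```
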