Network Security Firewalls

RE: Cisco PIX - DNS

Subject: RE: Cisco PIX - DNS
Date: Tue, 22 Mar 2005 21:19:18 -0600
Did you try the fixup protocol dns command?
 

______________________________
Michael T. Reshetar
Wells Fargo Services Company
Phone: (612) 667-2310
Cell: (612) 581-4946 

"This message may contain confidential and/or privileged information.  If
you are not the addressee or authorized to receive this for the addressee,
you must not use, copy, disclose, or take any action based on this message
or any information herein.  If you have received this message in error,
please advise the sender immediately by reply e-mail and delete this
message.  Thank you for your cooperation."

 

  _____  

From: Charly [mailto:charlycr@fibertel.com.ar] 
Sent: Tuesday, March 22, 2005 7:45 AM
To: firewalls@securityfocus.com
Subject: Cisco PIX - DNS


Hi,
 
I'm setting up a new network where I'll have webhosting servers behind the
PIX.
I get problems with the DNS, because when the servers that are behind the
firewall ask about any record the DNSs respond with the public IP, and when
they try to connect, they can't. Because of this I can't send an email from
MAIL1 to MAIL2.
I was reading about the alias command, but it appears to be used when you
have the DNSs outside your network.
Does anybody know how I can resolve it?
 
Below is a basic configuration of my pix and the diagram of the network.
 
Thanks,
 
Charly
 
Cisco PIX Firewall Version 6.1(1)
static (inside,outside) 200.200.200.3 192.168.0.1 netmask 255.255.255.255 0 0
static (inside,outside) 200.200.200.4 192.168.0.2 netmask 255.255.255.255 0 0
static (inside,outside) 200.200.200.5 192.168.0.3 netmask 255.255.255.255 0 0
access-list outside-list permit udp any host 200.200.200.3 eq 53
access-list outside-list permit tcp any host 200.200.200.3 eq 53
access-list outside-list permit udp any host 200.200.200.4 eq 53
access-list outside-list permit tcp any host 200.200.200.4 eq 53
access-list outside-list permit udp any host 200.200.200.5 eq 53
access-list outside-list permit tcp any host 200.200.200.6 eq 53
access-list outside-list permit tcp any host 200.200.200.3 eq 25
access-list outside-list permit tcp any host 200.200.200.3 eq 110
access-list outside-list permit tcp any host 200.200.200.4 eq 80
access-list outside-list permit tcp any host 200.200.200.5 eq 25
access-list outside-list permit tcp any host 200.200.200.5 eq 110
access-list outside-list permit tcp any host 200.200.200.5 eq 80
access-group outside-list in interface outside
global (outside) 1 200.200.200.10
nat (inside) 1 192.168.0.0 255.255.255.0 0 0
route outside 0.0.0.0 0.0.0.0 200.200.200.1 1
 
 
 

 

Attachment: Network.jpg
Description: JPEG image
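
Added example (not part of the original posts, and not Cisco code): a Python script that parses the static and access-list lines from the configuration posted above. It lists the inside address behind each public address that DNS returns to the inside servers, and flags access-list entries whose destination has no static translation. The function names are hypothetical, and 198.51.100.7 in the usage below is a constructed outside address.

```python
import re

# Copied from the configuration posted above, wrapped lines rejoined.
PIX_CONFIG = """\
static (inside,outside) 200.200.200.3 192.168.0.1 netmask 255.255.255.255 0 0
static (inside,outside) 200.200.200.4 192.168.0.2 netmask 255.255.255.255 0 0
static (inside,outside) 200.200.200.5 192.168.0.3 netmask 255.255.255.255 0 0
access-list outside-list permit udp any host 200.200.200.3 eq 53
access-list outside-list permit tcp any host 200.200.200.3 eq 53
access-list outside-list permit udp any host 200.200.200.4 eq 53
access-list outside-list permit tcp any host 200.200.200.4 eq 53
access-list outside-list permit udp any host 200.200.200.5 eq 53
access-list outside-list permit tcp any host 200.200.200.6 eq 53
access-list outside-list permit tcp any host 200.200.200.3 eq 25
access-list outside-list permit tcp any host 200.200.200.3 eq 110
access-list outside-list permit tcp any host 200.200.200.4 eq 80
access-list outside-list permit tcp any host 200.200.200.5 eq 25
access-list outside-list permit tcp any host 200.200.200.5 eq 110
access-list outside-list permit tcp any host 200.200.200.5 eq 80
"""

STATIC_RE = re.compile(r"^static \(inside,outside\) (\S+) (\S+) netmask 255\.255\.255\.255")
ACL_RE = re.compile(r"^access-list (\S+) permit (tcp|udp) any host (\S+) eq (\d+)")

def static_map(config):
    """Return {public_ip: inside_ip} for every one-to-one static line."""
    return {m.group(1): m.group(2)
            for line in config.splitlines() if (m := STATIC_RE.match(line))}

def inside_view(answers, statics):
    """Map public A-record answers to the inside addresses they translate to."""
    return [statics.get(ip, ip) for ip in answers]

def unmapped_acl_targets(config):
    """Return permit lines whose destination host has no static translation."""
    statics = static_map(config)
    return [line for line in config.splitlines()
            if (m := ACL_RE.match(line)) and m.group(3) not in statics]

if __name__ == "__main__":
    statics = static_map(PIX_CONFIG)
    for public, inside in statics.items():
        print(f"{public} -> {inside}")
    print(inside_view(["200.200.200.3", "198.51.100.7"], statics))
    for line in unmapped_acl_targets(PIX_CONFIG):
        print("no static for:", line)
```
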
