Posted on 2006-05-17
This question may have been asked here before albeit in a different scenario. Here is the problem that I am facing.
We have our internal AD DNS server sitting behind a Cisco PIX 506 firewall. We are in the process of changing our ISPs. We have, in the firewall config, the use of the alias command. This command is not supported in the PDM and I keep getting a message when I start the PDM. This means that the only way in which I can configure the PIX is through the command line.
Now with the move to the new ISP - I would like to do away with the alias command. In reading a few articles on this site regarding DNS doctoring, there have been a couple of suggestions. However the scenarios presented are slightly different from ours. We host quite a few websites on the servers inside our network. So also mail (OWA). I would like to be able to browse the websites from within the network without any problems (the internal DNS server has the records for the web sites). So if my internal DNS server has all the internal IP addresses for the web servers - I should not need any alias command on the firewall. Am I correct in that assumption? For external clients accessing my internal web servers we have the access list as well as the static entries in the firewall configuration.
In case the static command is used with an outside NAT "static (outside,inside) 10.10.4.9 209.x.x.x netmask........" will that be helpful?
One important factor is that our internal and external DNS names are the same. I am maintaining 2 DNS servers.
Any help in this matter will be highly appreciated.