Names
One of the more useful features of the PIX OS is the ability to display IP addresses
as names. To enable this feature, enter the names
command in configuration mode:
PIX(config)#namesWith the names feature enabled, you can configure any IP address to be associated with
a name. This is similar in principle to a basic form of DNS, but the names are local to
the PIX being configured. Say that 10.10.10.10 is the IP address of a server called
FileServer. Using the name
command, you can assign the name FileServer to the IP address within
the PIX:
PIX(config)#name 10.10.10.10 FileServerYou can then configure an access list like the following:
PIX(config)#access-list 110 permit tcp any host 10.10.10.10 eq wwwTip
Access lists, including features specific to the PIX, are covered in detail in Chapter 23.
In the configuration, the IP address will be translated to the configured name:
PIX#sho run | include 110access-list 110 permit tcp any hostFileServereq www
If you prefer to see the IP addresses, you can disable the names feature by negating
the names command. The configuration will once again
show the IP addresses:
PIX(config)#no namesPIX(config)#sho run | include 110access-list 110 permit tcp any host10.10.10.10eq www
Tip
Even with names enabled, the output of the show
interface command will always show the IP addresses.
If you need to see all the names configured on your PIX firewall, use the show names command:
PIX#sho names name 10.10.10.1 PIX-Outside name 10.10.10.10 FileServer name ...Get Network Warrior now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
