NAT Problems with Cisco ASA 5501

sarangad · ‎03-18-2007

Hi all,

I recently configured a cisco ASA 5500 firewall with PAT & basic filters. Everything is ok other than DNS. I dont have any internal DNS servers I am using my ISPs DNS servers for name resolutions. In the nslookup utility of a client computer all the URLs are getting resolves perfectly. But I type the same URL in the browser it's not working. But if I type the IP address of the same URL in the browser it works perfectly. Wonder why this happen. Is this something to do with maximum DNS packet size or something else. Please let me know.

Thanks in advance

Sara

Here I am attaching the sh run output and the syslog messages

suschoud · ‎03-19-2007

hi,

from where are u initiating the request.from inside or from management?

it seems that there's some issue with routes here.

route inside 172.16.0.0 255.255.0.0 172.16.40.2 1

this means 172.16.0.0/16 lies on inside

ip address 172.16.1.50 255.255.255.0 :

the ip address which you have assisgned to management interface and the dhcp client ip's which you have defined on the management interface,they are in the same network as inside network.

please change the ip address of management interface so that it does not lie with in 172.16.0.0/16 and please change the dhcp client range defined on the management interface too.

i am not sure how this could be related to your issue but this is obviously misconfiguration.

hth

Sushil