DNS issue with ASA 5510

preddy
Level 1

Hi

I have a problem with DNS resolution with the ASA 5510. The DNS server is inside the LAN (x.y.11.0/24) and MPLS clients are coming from a DMZ segment. There is an MPLS router between the MPLS cloud and the ASA; the DMZ is x.y.0.0/24 and the DNS server is statically NATted to an IP in the x.y.0.0 subnet. Everything is working fine, except DNS is not resolving the name requests coming from MPLS. The request is reaching the DNS server, but in its reply the DNS server gives an x.y.11.0 IP, which is not crossing the FW. I cannot do identity NAT for the x.y.11.0 IPs as we would have to make changes all over the MPLS network, which is not feasible since the number of locations is more than 100.

If anybody has the workaround, please reply. Thanks in advance.

Regards

Reddy

2 Replies

JBDanford2002
Level 1

Please post a scrubbed config.

Fernando_Meza
Level 7

Hi .. let me see if I have got it right ..?

you are basically trying to access a DNS server on your inside LAN from a network located on the DMZ .. correct ..?

I am assuming that the security level of the inside is higher than the DMZ, right ..?

you should have a one to one static NAT like this ..

static (inside,dmz) x.y.?.? x.y.11.? netmask 255.255.255.255

then if you are getting the DNS request hitting the DNS server, the issue is more likely that the DNS server does not know how to get back to the MPLS segment .. packets from the DNS server should be reaching the inside interface of the ASA on their way back to the MPLS cloud .. can you see that happening in the ASDM logs ..?

I hope it helps .. please rate it if it does !!!
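The symptom in the original question is that the DNS reply itself carries the server's real inside address (x.y.11.0/24), which the DMZ/MPLS side has no route to, even though the UDP packet is correctly translated by the static NAT. The fix on a NAT device is to translate the A-record payload as well as the IP header (on the ASA this is the DNS rewrite behaviour enabled by the dns keyword on the static translation). The following Python is an added, stand-alone illustration of that payload rewrite written for this thread; it is not code from the ASA, from Cisco, or from either poster. The addresses 10.1.11.5 (real inside) and 10.1.0.5 (mapped DMZ-side) and the name dns.example.internal are constructed sample values standing in for the page's x.y.11.? and x.y.?.? addresses, and the one-entry table STATIC_NAT mirrors the one-to-one static shown above.

```python
import struct
import ipaddress

# Constructed sample values: the real inside address of the DNS server and the
# address it is statically translated to on the DMZ-facing side (the page's
# x.y.11.? -> x.y.?.? one-to-one static).
REAL_INSIDE_IP = "10.1.11.5"
MAPPED_DMZ_IP = "10.1.0.5"
STATIC_NAT = {REAL_INSIDE_IP: MAPPED_DMZ_IP}  # real -> mapped, one-to-one


def encode_name(name):
    """Encode a dotted hostname as DNS labels terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode()
    return out + b"\x00"


def skip_name(pkt, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        length = pkt[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + length


def build_response(qname, answer_ip, txid=0x1234):
    """Build a minimal DNS response with one A record (constructed test input)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR, RD, RA set
    question = encode_name(qname) + struct.pack("!HH", 1, 1)    # QTYPE A, QCLASS IN
    # Answer name is a pointer to offset 12 (the question name); TTL 300, RDLENGTH 4.
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
    answer += ipaddress.IPv4Address(answer_ip).packed
    return header + question + answer


def _records(pkt):
    """Yield (rdata_offset, rtype, rclass, rdlen) for every RR after the question section."""
    qd, an, ns, ar = struct.unpack_from("!HHHH", pkt, 4)
    off = 12
    for _ in range(qd):
        off = skip_name(pkt, off) + 4          # skip QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(pkt, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", pkt, off)
        off += 10                              # TYPE, CLASS, TTL, RDLENGTH
        yield off, rtype, rclass, rdlen
        off += rdlen


def a_record_ips(pkt):
    """List the IPv4 addresses carried in A records (what the client will try to reach)."""
    return [str(ipaddress.IPv4Address(bytes(pkt[o:o + 4])))
            for o, t, c, l in _records(pkt) if t == 1 and c == 1 and l == 4]


def rewrite_a_records(pkt, nat_table):
    """Translate A-record RDATA that matches a real inside address to its mapped address.

    Mirrors what a NAT device's DNS rewrite does: the length of the record does not
    change, so only the 4 RDATA bytes are replaced. Returns (new_packet, count).
    """
    pkt = bytearray(pkt)
    rewritten = 0
    for off, rtype, rclass, rdlen in _records(pkt):
        if rtype == 1 and rclass == 1 and rdlen == 4:
            real = str(ipaddress.IPv4Address(bytes(pkt[off:off + 4])))
            if real in nat_table:
                pkt[off:off + 4] = ipaddress.IPv4Address(nat_table[real]).packed
                rewritten += 1
    return bytes(pkt), rewritten


def demo():
    """Show the reply as the DNS server sends it and as a DMZ client should see it."""
    reply = build_response("dns.example.internal", REAL_INSIDE_IP)
    before = a_record_ips(reply)
    fixed, count = rewrite_a_records(reply, STATIC_NAT)
    after = a_record_ips(fixed)
    return before, after, count


if __name__ == "__main__":
    before, after, count = demo()
    print("A record from the server :", before)   # the unreachable inside address
    print("A record after NAT rewrite:", after)   # the DMZ-side mapped address
    print("records rewritten         :", count)
```

Without the rewrite the DMZ client receives 10.1.11.5 in the answer and sends its next packet toward an inside address it cannot reach, which matches the "not crossing the FW" behaviour described above; with the rewrite it receives the mapped 10.1.0.5, the same address the static translation already accepts. A record whose address is not in the static table (for example another inside host with no translation) is left untouched, so the rewrite only affects hosts that actually have a mapping.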
