We are currently using 3600 routers to do NAT translation at the edge of our network, and these are working fine. We have decided to move this process over to ASA5520s, and are in the process of doing this.
We have one problem though, and it is a major headache. We have our own internal DNS servers, which external sites use to resolve names internal to us. This works when using the routers, but not when using the ASAs.
The problem is that when an external site uses nslookup to resolve a site behind the firewall, the reply given is the true IP address of the device rather than the NAT'd entry. We can find several documents on this, but they all tend to refer to having the DNS on the outside of your network.
Any ideas on resolving this would be gratefully appreciated.
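For readers with the same setup: the ASA can rewrite the A-record inside a DNS reply as the reply crosses a static translation (Cisco calls this DNS rewrite, or "DNS doctoring"), which covers the case of an internal DNS server answering external queries. The configuration below is an added illustration and not from the original poster; the interface names, addresses, and the assumption that an outside ACL already permits UDP/53 to the DNS server's public address are placeholders for this example.

```cisco
! Added example, not from the original post. All addresses are constructed:
!   10.1.1.53    = real (inside) address of the internal DNS server
!   10.1.1.10    = real (inside) address of an internal web server
!   203.0.113.53 = public address the outside world uses for the DNS server
!   203.0.113.10 = public address the outside world should see for the web server
!
! --- Pre-8.3 ("static" NAT syntax, typical on an ASA5520 of that era) ---
! The trailing "dns" keyword is the essential part: when a DNS reply from the
! inside server passes through the ASA and its A-record contains 10.1.1.10,
! the ASA substitutes 203.0.113.10. Without "dns" the reply carries 10.1.1.10,
! which is exactly the symptom described above.
static (inside,outside) 203.0.113.53 10.1.1.53 netmask 255.255.255.255
static (inside,outside) 203.0.113.10 10.1.1.10 netmask 255.255.255.255 dns
!
! Rewrite only occurs if DNS application inspection is applied to the traffic.
! It is enabled in the default global policy; confirm it has not been removed:
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
!
service-policy global_policy global
!
! --- 8.3 and later (object NAT syntax), same effect ---
object network internal-web
 host 10.1.1.10
 nat (inside,outside) static 203.0.113.10 dns
```

Two caveats: the reply is only rewritten when it actually traverses the ASA between those two interfaces (a DNS server reachable by a path that bypasses the translation will still leak the real address), and a record whose address has no matching static entry with the dns keyword is passed through untouched, so audit the zone for other internal addresses after enabling this.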