Unable to browse internal server

Unanswered Question
Apr 9th, 2008
User Badges:


After installing ASA 5505 at our client's site, they are not able to browse their internal server using url now. But they can access it using servername and ip address. I've already enabled port 53 to outside port as the DNS server is outside the network.

Hope you can help me resolve this issue.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
acomiskey Wed, 04/09/2008 - 12:22
User Badges:
  • Green, 3000 points or more

When you say they can access it with ip, do you mean the internal ip?

The problem most likely is that the url is resolving to the public ip address which is not reachable from inside the ASA.

You have a few options to fix this. One is to edit the clients hosts file so the url resolves to the inside ip. Second is to use dns doctoring on the ASA to change the response from the dns server from public ip to private. Third is using hairpinning on the inside interface of the ASA.

DNS Doctoring -


Hairpinning -


patricia20 Wed, 04/09/2008 - 12:48
User Badges:

Yes, it's internal ip.

I'll review the links that you've sent. Thanks for your immediate reply. :)

patricia20 Wed, 04/09/2008 - 13:29
User Badges:

There is a note in DNS doctoring that "DNS rewrite is not compatible with static Port Address Translation (PAT) because multiple PAT rules are applicable for each A-record, and the PAT rule to use is ambiguous."

If I'm using PAT, should you recommend hairpinning instead of DNS doctoring?


acomiskey Thu, 04/10/2008 - 05:42
User Badges:
  • Green, 3000 points or more

Yes. That will work fine. Would look something like...

same-security-traffic permit intra-interface

static (inside,inside) netmask

global (inside) 1 interface

nat (inside) 1 0 0


This Discussion