Hi all,
I am configuring a ASA 5510 and I have a proxy server (in inside interface) that must to connect at externals DNS.
I have created the rules and NATs necessary it, but I am not able to open any web page, just reach the web pages through ip address.
When I make the tests, I have received the message of drop: Drop-reason: (inspect-dns-invalid-pak) DNS Inspect invalid packet message, but I do not know why!
Do you know why this is happing?
How can I fix this?
The rules follow bellow
acls
access-list inside_access_in extended permit udp host PROXY_INTERNET host x.x.x.x eq domain
nat
static (inside,outside) udp x.x.x.x domain PROXY_INTERNET domain netmask 255.255.255.255 dns
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect icmp
inspect dns migrated_dns_map_1
!
service-policy global_policy global
Thanks,