We're using the ACE with static NAT. We have three interfaces: one outside and two inside. On one of the insides we have an FTP server and on the other inside we have the client. The client needs to connect to the FTP server but he wants to connect on the public DNS name.
A classic example of DNS doctoring, which can be solved by the ASA by doing:
static (bla,bla) blablabla dns
Now I've read that the ACE module does this automatically with DNS inspection enabled:
("Translates the DNS A-record based on the NAT configuration")
However I can't get it to work.
I have my inspection policy-map attached to all three interfaces and I am sure my DNS request goes through the ACE.
I see hits on the DNS inspection policy, but the DNS answer I get still has the public IP listed and not the internal one.
I hope my story is clear...
Anyone got a clue on how to figure this out? Anyone got a similar setup working?