Inside-Outside-Inside Routing

Aug 24th, 2009

We have a server in our DMZ called "Sue". Our wireless clients' DHCP scope has a private inside address, but a single DNS entry for a server on the outside.

The outside DNS server has a record for "Sue"'s public address. So when an inside wireless client resolves "Sue" it translates to the public address, and when the inside client tries to access it using that address, it is blocked.

Does this sound right?

Why is that?

Does this make sense?

suschoud Mon, 08/24/2009 - 17:15


We call this DNS doctoring (resolving the above issue).

Through this, basically when an inside client tries to access SUE, the IP address which the external DNS server sends back is public, but the ASA converts it to the private IP of SUE.

You would have a static command in the ASA/PIX:

static (dmz,outside) <public ip of sue> <private ip of sue>

Remove this static and add:

static (dmz,outside) <public ip of sue> <private ip of sue> dns

For further reading, just search for DNS doctoring on Cisco.

There is one more way:

static (dmz,inside) <public ip of sue> <private ip of sue>

Through this, when the inside computer receives the public IP of SUE, the above static command would send it to the actual IP of SUE in the DMZ.

Please rate if this helps.



