Not sure if loopback is the right term, but here's the scenario:
Small business with a 5510. External
When users on the outside hit mail.domain.com, it's statically set to an internal mail server and everything works fine. When users are on the internal LAN or wireless and they put in mail.domain.com, it times out instead of going out to grab the external IP of the public DNS record and coming back in. Internally they can access the mail server using the private IP or NetBIOS name of the email server.
I have searched online and found articles suggesting split DNS: setting an entry for mail.domain.com to point to the private address on our internal DNS server. I tried this, but we also have a website, www.domain.com, that is hosted outside our network on our ISP's servers. With that DNS entry in place our in-house staff cannot access our company's website.
How can I configure the ASA so that the traffic flows back correctly?
Our setup includes:
Windows 2003 Standard SP2 DNS server
Windows 2008 Enterprise SP2 Exchange 2007
Cisco ASA 5510
Cisco 870 router
Cisco Catalyst 2960
I guess I should also mention that everything worked fine with just a simple home-brand router (no ASA and just an unmanaged switch). But obviously that equipment wasn't practical for our setup.
On your internal DNS, create a zone for your external DNS domain "domain.com". Then just add any entries that you would like internal users to access, with the appropriate IP addresses. The only issue with this configuration is that if external records pointing to global IP addresses change, you will have to manually make the change too, i.e. www (if hosted externally and it moves to a new provider). This should not be a big deal!
Host entries would work too, but that's lame!
If you do not want to maintain a copy of your external DNS records on your internal DNS, I suggest you carefully read the blog entry from Collin Clark's post and set up bidirectional NAT.
You may also need to set up U-turn (hairpinning) with same-security-traffic permit intra-interface, depending on the placement of devices.
A diagram of your topology would be helpful! ASA config too! Be careful to sanitize it first!
I really like just adding the external zone to the internal DNS; your setup sounds a lot like many of my customers'. Keeping the ASA configuration simple might be a good idea unless you're up for the challenge! Remember, you have to maintain this, not me, nor anyone else!
Hope this helps,
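For readers who want to see what the two ASA-side options in the answer above look like in practice, here is an added example (not posted by anyone in this thread, and not the poster's own config). It uses pre-8.3 ASA syntax, which is what a 5510 of this era would be running, and every address in it is assumed: 192.168.1.0/24 for the inside LAN, 192.168.1.20 for the Exchange server, and 203.0.113.10 as the public IP that the mail.domain.com A record points to. Substitute your own before pasting anything.

```cisco
! Added example, not from the original thread. Pre-8.3 ASA syntax.
! Assumed addresses (RFC 5737 documentation ranges, not the poster's):
!   inside LAN       192.168.1.0/24
!   Exchange server  192.168.1.20
!   public mail IP   203.0.113.10  (the A record for mail.domain.com)
!
! --- Option 1: bidirectional static NAT with DNS rewrite ("DNS doctoring") ---
! The "dns" keyword makes the ASA rewrite the A record inside DNS replies that
! cross it. When the internal DNS server forwards the lookup for
! mail.domain.com and the public answer 203.0.113.10 comes back through the
! ASA, the reply is rewritten to 192.168.1.20, so inside clients connect
! straight to the private address. Needs DNS inspection, which the default
! global_policy already applies with "inspect dns".
static (inside,outside) 203.0.113.10 192.168.1.20 netmask 255.255.255.255 dns
access-list outside_in extended permit tcp any host 203.0.113.10 eq smtp
access-list outside_in extended permit tcp any host 203.0.113.10 eq https
access-group outside_in in interface outside
!
! Check from an inside host: nslookup mail.domain.com should now return
! 192.168.1.20. Caveats: only replies that actually traverse the ASA get
! rewritten, and the internal DNS server caches whatever it received, so
! clear its cache (dnscmd /clearcache) after adding the dns keyword.
! www.domain.com is untouched because no static covers the web host's IP.
!
! --- Option 2: hairpin (U-turn) the public IP on the inside interface ---
! Use this instead of option 1 if inside clients must keep resolving to
! 203.0.113.10, e.g. because their DNS replies never cross the ASA. Traffic
! from inside to 203.0.113.10 is translated to the server, and the client
! source is hidden behind the inside interface address so the server's reply
! also goes back through the ASA instead of straight to the client.
same-security-traffic permit intra-interface
static (inside,inside) 203.0.113.10 192.168.1.20 netmask 255.255.255.255
global (inside) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0
!
! Verify with "show xlate" and "show conn" while an inside client connects to
! 203.0.113.10. Note the server then sees every inside connection as coming
! from the ASA's inside interface, so its logs lose the real client IP; that
! is the usual argument for preferring option 1 or plain split DNS.
```

Option 1 is the "bidirectional NAT" the answer refers to and leaves the internal DNS server untouched; option 2 is the "U-turn" case and only makes sense when the DNS path does not pass through the ASA. Either way, the existing `nat (inside) 1 ... / global (outside) 1 interface` pair for normal internet access stays as it is.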