ASA Forwarding Internal IPs to DNS

Unanswered Question
Nov 5th, 2014
I have a new ASA 5505 that I am configuring to protect an internal LAN segment. Everything is working well, except that when I ping the name of a PC that is behind the firewall, DNS returns the internal address of the PC (192.168.1.XXX) instead of its external (10.23.22.XXX) IP. Why is that happening and how do I stop it? Thanks very much for any help!

Karsten Iwen Wed, 11/05/2014 - 12:31
It could be the DNS-doctoring on the ASA. Look for the keyword "dns" at the end of your NAT-statements and remove them.

pgriffin7 Thu, 11/06/2014 - 05:26

Thanks very much - I removed the dns statement and it didn't seem to work.

LA-Engineer Thu, 11/06/2014 - 11:16

If there actually were "DNS" keywords at the end of the NAT statements then I'm pretty sure that was the issue.

At this point, you may need to clear the xlate or flush-dns on your hosts. It could just be stale states.
