We currently use a different firewall appliance which is still connected. The problem is, when I switch the route to go out onto the internet to pass through the ASA, DNS resolutions become slow. They work but they are slow and thus browsing is slow. When I set the route back to the other firewall appliance, everything works fine. The resolutions are much quicker than when the traffic is running through the ASA.
By the way, the DNS server is internal.
Can anyone share some insight into why this happens? Did I forget something? I've attached the ASA's configuration.
Thank you. I got the problem solved after doing some packet captures.
It turns out that the DNS server was forwarding to two other older DNS servers that we had before. That caused the resolutions to take much longer than they should have, which timed out on the client machines.
The captures showed the older DNS servers making resolution requests whenever a lookup request was made from the new DNS server.