08-29-2012 07:28 AM - edited 03-11-2019 04:47 PM
Hi there -
We have just installed a new ASA and it's great except for one little issue. The outside interface IP address has a DNS name in the outside world of office.companyname.com - with our users connecting their iPhones etc. to Exchange via office.companyname.com/exchange - this all still works when they are outside the network, but from inside the network this server is no longer accessible. If I ping this name from the inside of the network, the IP is resolved but then the ping times out.
Any ideas??? Hope that makes sense......probably haven't explained it too well!!
08-29-2012 11:51 AM
James,
If it's a problem of DNS you can have a look either into DNS doctoring (available on ASA) or setting up multiple zones (bind name) on your DNS.
I guess you would have expected office...../exchange to go to internal server?
Hard to say more without actual config - if in doubt you always have TAC ;-)
M.
08-29-2012 09:28 PM
Hi James,
Correct me if I'm wrong, but the way I understand this in general is that your inside host/s are trying to connect to your firewall's outside interface/IP address.
By default the ASA doesn't allow it, so you need to enable redirection/U-turning/hairpinning.
09-03-2012 12:46 PM
Thank you for the replies - we have an internal DNS server - all clients have this as their primary DNS. Would it be possible to create a "redirect" of some kind on the DNS to map requests for office.companyname.com/exchange to the internal name of the server, thus cutting the ASA out of the equation??? No idea how I would do this - not a server dude at all - any help would be appreciated!!!
09-03-2012 02:02 PM
James,
I think you just need some NAT configuration.
Can you share your config and let us know the source IP address and the server's private IP?
Regards,
Felipe.
09-03-2012 02:17 PM
If we're talking about Windows as the DNS server here, just create a new zone: Forward Lookup Zones > New Zone... The default settings should work for most deployments, so I suggest keeping the defaults. In your case, companyname.com. Then point that zone's IP address to the internal address of that server. Create a New Host (A or AAAA) under that newly created zone, then point it to its corresponding IP address.
09-10-2012 03:33 AM
Thank you Jonjon - worked nicely thank you.
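
The split-DNS fix accepted above, scripted with the Windows DnsServer PowerShell module as an added example (not code from any poster in this thread). It goes one step narrower than the reply by creating the zone for office.companyname.com only, so every other name under companyname.com still resolves through the public DNS; the internal address 192.0.2.10 and the AD-integrated replication scope are assumptions to replace with your own values.

```powershell
# Added example: internal override for one published name on a Windows DNS server.
# Run in an elevated session on the internal DNS server.
Import-Module DnsServer

$ZoneName   = 'office.companyname.com'  # public name used in the thread
$InternalIp = '192.0.2.10'              # placeholder: the Exchange server's inside address

# A zone for the single host name ("pinpoint" zone). A zone for the whole of
# companyname.com would make this server authoritative for every name in it,
# and any public record not copied into the zone would stop resolving for inside clients.
if (-not (Get-DnsServerZone -Name $ZoneName -ErrorAction SilentlyContinue)) {
    # Assumption: AD-integrated DNS. For a standalone server use
    # -ZoneFile "$ZoneName.dns" instead of -ReplicationScope.
    Add-DnsServerPrimaryZone -Name $ZoneName -ReplicationScope 'Domain'
}

# A record at the zone apex ('@'), so the name itself maps to the inside address.
$existing = Get-DnsServerResourceRecord -ZoneName $ZoneName -Name '@' -RRType A `
    -ErrorAction SilentlyContinue
if (-not $existing) {
    Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name '@' `
        -IPv4Address $InternalIp -TimeToLive 00:05:00
}

# Verify against this server only, bypassing the hosts file and other name providers.
$answer = Resolve-DnsName -Name $ZoneName -Type A -Server localhost -DnsOnly
if ($answer.IPAddress -contains $InternalIp) {
    Write-Output "$ZoneName resolves internally to $InternalIp"
} else {
    Write-Warning "$ZoneName returned $($answer.IPAddress -join ', '), expected $InternalIp"
}
```

Clients that cached the public address keep using it until the old record's TTL expires or the cache is flushed with `ipconfig /flushdns`.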