
Badly Explained ASA Question

jdgriffiths
Level 1

Hi there -

We have just installed a new ASA and it's great except for one little issue. The outside interface IP address has a DNS name in the outside world of office.companyname.com - with our users connecting their iPhones etc. to Exchange via office.companyname.com/exchange - this all still works when they are outside the network, but from inside the network this server is no longer accessible. If I ping this name from the inside of the network, the IP is resolved but then the ping times out.

Any ideas??? Hope that makes sense......probably haven't explained it too well!!


Marcin Latosiewicz
Cisco Employee

James,

If it's a problem of DNS you can have a look either into DNS doctoring (available on ASA) or setting up multiple zones (bind name) on your DNS.

I guess you would have expected office...../exchange to go to internal server?

Hard to say more without actual config - if in doubt you always have TAC ;-)

M.

Jon Eyes
Level 1

Hi James,

Correct me if I'm wrong, but the way I understand this in general is that your inside hosts are trying to connect to your firewall's outside interface/IP address.

By default the ASA doesn't allow it. So you need to enable redirection/U-turning/hairpinning.

jdgriffiths
Level 1

Thank you for the replies - we have an internal DNS server - all clients have this as their primary DNS. Would it be possible to create a "redirect" of some kind on the DNS to map requests for office.companyname.com/exchange to the internal name of the server, thus cutting the ASA out of the equation??? No idea how I would do this - not a server dude at all - any help would be appreciated!!!

James,

I think you just need some NAT configuration.

Can you share your config and let us know the source IP address and the server's private IP?

Regards,

Felipe.

If we're talking about Windows as a DNS server here, just create a New Zone: Forward Lookup Zones > New Zone... The default settings should work for most deployments, so I suggest keeping the defaults. In your case, companyname.com. Then point that zone IP address to the internal address of that server. Create a New Host (A or AAAA) under that newly created zone, then point it to its corresponding IP address.

Thank you Jonjon - worked nicely thank you.
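
The DNS change from the accepted answer, scripted with the Windows DnsServer PowerShell module as an added example (not part of the original thread). The internal address 10.0.0.25 and the file-backed zone are assumptions, and the `$Pinpoint` switch is a hypothetical variable that narrows the override to the single name so the internal server does not become authoritative for all of companyname.com.

```powershell
# Added example: split-DNS override on the internal Windows DNS server.
# Run in an elevated session on the DNS server itself.
Import-Module DnsServer

$ZoneName   = 'companyname.com'   # zone name from the thread
$HostLabel  = 'office'            # office.companyname.com
$InternalIp = '10.0.0.25'         # constructed placeholder: server's inside address
$Pinpoint   = $true               # hypothetical switch, see below

# $Pinpoint = $true : zone "office.companyname.com" with one record at its apex.
#                     Every other companyname.com name still resolves publicly.
# $Pinpoint = $false: zone "companyname.com" as in the accepted answer. The
#                     internal server then answers for the whole zone, so any
#                     other public name (www, mail, ...) needs its own record.
if ($Pinpoint) {
    $zone   = "$HostLabel.$ZoneName"
    $record = '@'
} else {
    $zone   = $ZoneName
    $record = $HostLabel
}

# Create the forward lookup zone only if it does not exist yet.
# File-backed is an assumption; AD-integrated servers would use -ReplicationScope.
if (-not (Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $zone -ZoneFile "$zone.dns"
}

# Add the A record pointing at the internal address, unless one is already there.
$existing = Get-DnsServerResourceRecord -ZoneName $zone -Name $record `
                -RRType A -ErrorAction SilentlyContinue
if (-not $existing) {
    Add-DnsServerResourceRecordA -ZoneName $zone -Name $record -IPv4Address $InternalIp
}

# Verify: ask this server directly and compare with the expected inside address.
$fqdn   = "$HostLabel.$ZoneName"
$answer = Resolve-DnsName -Name $fqdn -Type A -Server 127.0.0.1 -DnsOnly |
              Where-Object { $_.Type -eq 'A' }
if ($answer.IPAddress -contains $InternalIp) {
    Write-Output "$fqdn resolves to $InternalIp from the inside"
} else {
    Write-Warning "$fqdn returned $($answer.IPAddress -join ', '), expected $InternalIp"
}
```

Clients that cached the public address need `ipconfig /flushdns` (or the record's TTL to expire) before they pick up the internal answer.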
