New Member

Badly Explained ASA Question

Hi there -

We have just installed a new ASA and it's great except for one little issue. The outside interface IP address has a DNS name in the outside world of office.companyname.com - with our users connecting their iPhones etc. to Exchange via office.companyname.com/exchange - this all still works when they are outside the network, but from inside the network this server is no longer accessible. If I ping this name from the inside of the network, the IP is resolved but then the ping times out.

Any ideas??? Hope that makes sense......probably haven't explained it too well!!

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Badly Explained ASA Question

If we're talking about Windows as the DNS server here, just create a new zone: Forward Lookup Zones > New Zone... The default settings should work for most deployments, so I suggest keeping the defaults. In your case, companyname.com. Then point that zone's IP address to the internal address of that server. Create a New Host (A or AAAA) under that newly created zone, then point it to its corresponding IP address.
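
The zone-and-record steps from the accepted answer, scripted in PowerShell as an added example (not part of the original post). The IP address is a placeholder and the DNS server is assumed to be a domain controller; the default mode goes slightly beyond the answer by creating a zone for office.companyname.com only, so that other companyname.com names keep resolving through public DNS.

```powershell
#Requires -Modules DnsServer
# Added example: run in an elevated session on the internal Windows DNS server.
param(
    [string]$PublicName = 'office.companyname.com',  # name used in the thread
    [string]$InternalIp = '10.0.0.10',               # placeholder: the server's private IP
    [switch]$WholeDomain                             # create companyname.com, as the answer describes
)

# A zone for the whole domain makes this server authoritative for every name in
# it, so each other public record (www, mail, ...) must be recreated internally
# or it stops resolving for inside clients. A zone named after the single host
# overrides only that one name.
if ($WholeDomain) {
    $zone   = $PublicName.Substring($PublicName.IndexOf('.') + 1)
    $record = $PublicName.Split('.')[0]
} else {
    $zone   = $PublicName
    $record = '@'   # record at the zone apex
}

# Create the forward lookup zone only if it is not already present.
# Assumption: AD-integrated zone; on a standalone server use -ZoneFile instead.
if (-not (Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $zone -ReplicationScope 'Domain'
}

# Add the A record pointing at the internal address, unless one already exists.
$existing = Get-DnsServerResourceRecord -ZoneName $zone -Name $record -RRType A `
    -ErrorAction SilentlyContinue
if (-not $existing) {
    Add-DnsServerResourceRecordA -ZoneName $zone -Name $record -IPv4Address $InternalIp
}

# Verify against this server that the public name now resolves to the inside IP.
$answer = Resolve-DnsName -Name $PublicName -Type A -Server localhost -DnsOnly
if ($answer.IPAddress -contains $InternalIp) {
    Write-Output "$PublicName resolves to $InternalIp for internal clients"
} else {
    Write-Warning "$PublicName resolves to $($answer.IPAddress -join ', '), expected $InternalIp"
}
```

Clients that already cached the public address need `ipconfig /flushdns` or a wait for the old record's TTL to expire before they pick up the internal answer.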

6 REPLIES
Cisco Employee

Badly Explained ASA Question

James,

If it's a problem of DNS you can have a look either into DNS doctoring (available on ASA) or setting up multiple zones (bind name) on your DNS.

I guess you would have expected office...../exchange to go to internal server?

Hard to say more without actual config - if in doubt you always have TAC ;-)

M.

New Member

Badly Explained ASA Question

Hi James,

Correct me if I'm wrong, but the way I understand this in general is that your inside host(s) are trying to connect to your firewall's outside interface/IP address.

By default the ASA doesn't allow it. So you need to enable redirection/U-turning/hairpinning.

New Member

Badly Explained ASA Question

Thank you for the replies - we have an internal DNS server - all clients have this as their primary DNS. Would it be possible to create a "redirect" of some kind on the DNS to map requests for office.companyname.com/exchange to the internal name of the server, thus cutting the ASA out of the equation??? No idea how I would do this - not a server dude at all - any help would be appreciated!!!

Bronze

Badly Explained ASA Question

James,

I think you just need some NAT configuration.

Can you share your config and let us know the source IP address and the server's private IP?

Regards,

Felipe.

New Member

Badly Explained ASA Question

Thank you Jonjon - worked nicely thank you.
