I am facing a DNS issue due to NAT. I think DNS doctoring can solve this, but the scenario is a little different, so I am not sure of the exact solution.
Attached is the network diagram. Exchange Server, DNS and Domain Controller are all located on a single physical server which has an IP 172.20.10.100. Both the server and the internal users reside on the inside subnet. In the DNS the name-to-IP mapping is, for example, srv.abc.com -> 172.20.10.100. The Inside users have no connectivity issue.
The server is translated to 192.168.100.20 when accessing the outside network; this is a static translation.
When the Branch users try to resolve srv.abc.com, they get the mapping to 172.20.10.100, which does not allow communication using the name, as Branch users cannot access 172.20.10.100 but they can access 192.168.100.20.
What needs to be configured on the ASA to resolve this issue?
Will this work?
static (Inside,Outside) 192.168.100.20 172.20.10.100 netmask 255.255.255.255 dns
It didn't work. I specified the command using the dns keyword and flushed the DNS on the Branch host; the host still resolves the name of the server to 172.20.10.100. Is there any other thing which needs to be done?
Is the user using the public IP address of the HQ DNS server for DNS resolution? It will only work if the DNS request passes through the HQ ASA where the static with "dns" keyword is configured, and the reply goes back through the ASA as well.
Can you please confirm what DNS server is used at your branch host?