Cisco Support Community

New Member

DNS issue with ASA 5510


I have a problem with DNS resolution with the ASA 5510. The DNS server is inside the LAN (x.y.11.0/24) and MPLS clients are coming from a DMZ segment. There is an MPLS router between the MPLS cloud and the ASA, the DMZ is x.y.0.0/24 and the DNS server is statically NATted to an x.y.0.0 subnet IP. Everything is working fine, except DNS is not resolving the name requests coming from MPLS. The request is reaching the DNS server, but in its reply the DNS server gives an x.y.11.0 IP, which is not crossing the FW. I cannot do identity NAT for the x.y.11.0 IP, as we would have to make changes all over the MPLS network, which is not feasible since the number of locations is more than 100.

If anybody has the workaround, please reply. Thanks in advance.



New Member

Re: DNS issue with ASA 5510

Please post a scrubbed config.

Re: DNS issue with ASA 5510

Hi .. let me see if I have got it right ..?

You are basically trying to access a DNS server on your inside LAN from a network located on the DMZ .. correct ..?

I am assuming that the security level of the inside is higher than the DMZ, right ..?

you should have a one to one static NAT like this ..

static (inside,dmz) x.y.?.? x.y.11.? netmask

Then, if you are getting the DNS request hitting the DNS server, the issue is more likely that the DNS server does not know how to get back to the MPLS segment .. packets from the DNS server should be reaching the inside interface of the ASA on their way back to the MPLS cloud .. can you see that happening in the ASDM logs ..?

I hope it helps .. please rate it if it does !!!
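An added configuration example, not from either poster, showing the one-to-one static translation described above with the ASA's DNS reply rewrite option, which is the ASA feature that addresses replies carrying the untranslated inside address; the host addresses x.y.11.10 (DNS server) and x.y.0.10 (its DMZ-side address) and the client x.y.0.50 are placeholders.

```text
! ASA 8.2 and earlier syntax. Placeholder addresses: x.y.11.10 = real DNS
! server, x.y.0.10 = its mapped address seen from the dmz side.
! The trailing "dns" keyword makes the ASA rewrite A-record answers that
! contain the real address x.y.11.10 to x.y.0.10 when the reply leaves via
! the dmz interface, so clients behind the MPLS router receive an address
! they can reach without adding routes or identity NAT at every site.
static (inside,dmz) x.y.0.10 x.y.11.10 netmask 255.255.255.255 dns
!
! The rewrite only happens for replies that pass through DNS inspection,
! which the default global policy already enables:
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
!
! ASA 8.3 and later equivalent (object NAT):
object network obj-dns-server
 host x.y.11.10
 nat (inside,dmz) static x.y.0.10 dns
!
! Checks: confirm the translation exists, then trace a DMZ client's query
! through the NAT and access-list phases.
show xlate
packet-tracer input dmz udp x.y.0.50 1025 x.y.0.10 53
```

The rewrite applies only to replies that actually transit the ASA, so the existing DMZ-side access rule permitting UDP/53 to x.y.0.10 must stay in place.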
