Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

DNS Resolution - Not Working

Hi,

My requirement is Local DNS Server on LAN to resolve all internet resolution for LAN Users.

On ASA I have natted public IP to DNS server IP, but doesnt seems to work.

Any Help.

ASA config is attached.

DNS Server on LAN : 192.168.100.5

6 REPLIES

Re: DNS Resolution - Not Working

Can you check these

- are you able to do dns lookup from the LAN DNS server itself ? if yes, then did you configure this server as a dns forwarder ?

- also on the ASA, is inspect DNS still there?

New Member

Re: DNS Resolution - Not Working

From LAN DNS Server I cannot resolve internet-Host. I have DNS Forwarder configured on LAN DNS Server.

On ASA I have tested with INSPECT DNS and without. But no Luck...

Is the ASA Configuration Correct for my requirement.

Re: DNS Resolution - Not Working

Your fw inside ip address 192.168.12.121, but dns server is 192.168.100.5.. is this on some other vlan behind some other L3 device? if so, does the firewall has the route for reaching the network 192.168.100.X

Also you may try to to remove the static NAT and do a hide nat with the outside interface. Then try to access internet from the local dns server.

no static (inside,Outside) 57.25.175.92 192.168.100.5

global (Outside) 1 interface

nat (inside) 1 192.168.100.0 255.255.255.0

If it works, then problem here is may be with arp-proxy or interface ACL on your internet router .

Try adding a static arp on your internet router for the public IP you are using for static NAT.

New Member

Re: DNS Resolution - Not Working

Hi,

Reachability is there.

I didnt understood adding static arp on internet router. What do you mean.

Please explain

Cisco Employee

Re: DNS Resolution - Not Working

That static ARP on the upstream router is to send packets destined to the PUBLIC address towards the firewall's outside interface's MAC address.

Pls. try loading google.com by its IP address in the browser.

ex:

http://64.233.169.104

If this works then, for one host on the inside change the DNS server's ip address to 4.2.2.2 and see if you get name resolution and be able to load the page by the name and not IP address.

Let us know how that goes.

New Member

Re: DNS Resolution - Not Working

Thank You.

4.2.2.2 didnt help.

Reloading doesnt help as well.

With name or IP it doesnt browse.

Any helpful internet link showing steps required on windows 2003 Server and ASA to recheck the config.

Is the config done on ASA (1st post) correct

531
Views
0
Helpful
6
Replies
作成コンテンツを作成するには してください