For hosts on the dmz when connecting from the inside we use the static with dns command for dns rewrite (external dns) , but i would like to use this for the ip/dns on the outside interface to, is this somehow possible, to rewrite the external outside ip to the internal inside ip?
We don't have a dns on the inside for this, it's possible, but wanted to check if this was possible to configure on the firewall.
Your question is not very clear as to where your users/client and server would be located (which ifc of ASA).
Though what I understand, is that you want to have internal (behind inside ifc of ASA) users and you want them to be able to access an external website using an internal IP even though the external DNS server sends server's external IP address in the DNS reply.
So, here firewall needs to rewrite the DNS qreply packet coming back to client. This scenario of "Destination NAT" can be achieved as follows :
static (outside,inside) netmask 255.255.255.255 dns
Thanks for replying, i'm not being really clear about this myself.
I would like to do like below but i understand thats not possible, just as an example for the dns rewrite.
static (outside,inside) <inside_interface_ip> <outside_interface_ip> netmask 255.255.255.255 dns
When users on the inside connects to https://vpn.company.com they get from the external dns the outside_interface_ip, so i would like the firewall to rewrite the dns reply with the inside_interface_ip instead.
This is only a one timer when we need to install the vpnclient and its smooth to use the webvpn functions for this and i use group alias for this and we use certficate authentication, so i would like to use the same dns name, but we dont have an dns on the inside for this, it's possible, but i wanted to check if i could get this to work with the firewall instead.
It is very like the scenario where we have resources on the dmz and both external users and inside users need to connect with dns address to the servers, for this we have the static nat with dns configured and works great, but i would like the same rewrite but from the outside_interface_ip to the inside_interface_ip.
Or get the inside users to connect to the vpn service on the outside interface.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...