I have about 100 servers in a DMZ. We did our 2nd phase firewall test this weekend, and I found out that all of the servers in the DMZ are set to look at the firewall's DMZ interface for DNS. The old firewall was a Symantec SGS that did DNS forwarding, so the client could set up their DNS settings to point to the firewall instead of an actual DNS server.
I also found out that there are several hundred people who have their proxy server in IE set to the firewall's IP address, port 80. My questions are these:
a.) Is there any way to do a redirect in the ASA for any DNS requests coming in on the DMZ interface to another server, either inbound or outbound? Can I use NAT for something like this?
b.) Is there ANY way to configure the ASA to act as a proxy besides cut-through? I just want the request that comes in on port 80 to be allowed out, but I think the ASA is seeing this as the web management port and drops the traffic. (I'm probably wrong on that one.)
I have a personal at the house that I can test things on. I VPN in from the office and remote into a box at the house. I set up the workstation to point to my ASA as the DNS server. When I use the dns tag for doctoring, it says that ALL traffic will be redirected, so instead I did this (and it works too).
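One way to try question (a) with NAT, added here as an example and not the configuration the poster used (the poster's own working config is not reproduced on this page): on ASA 8.3 or later, a destination translation can map DNS traffic that arrives at the DMZ interface address to the real DNS server behind the firewall, without the `dns` keyword, so only udp/53 and tcp/53 are touched. The interface names (`dmz`, `inside`), the DNS server address 10.10.10.53 and the DMZ host range 192.0.2.0/24 are assumptions for illustration; replace them with your own.

```cisco
! Assumed layout (not from the post): DMZ servers in 192.0.2.0/24 send DNS
! to the ASA's own dmz interface address; the real resolver is 10.10.10.53
! on the inside interface.
object network DMZ_HOSTS
 subnet 192.0.2.0 255.255.255.0
object network DNS_SERVER
 host 10.10.10.53
object service DNS_UDP
 service udp destination eq domain
object service DNS_TCP
 service tcp destination eq domain

! Twice NAT, written from the DMZ side: keep the source as-is, rewrite the
! destination from the dmz interface address (mapped) to the real resolver.
! One rule per protocol; the service objects carry the destination port, so
! only port 53 is redirected, not all traffic to the interface address.
nat (dmz,inside) source static DMZ_HOSTS DMZ_HOSTS destination static interface DNS_SERVER service DNS_UDP DNS_UDP
nat (dmz,inside) source static DMZ_HOSTS DMZ_HOSTS destination static interface DNS_SERVER service DNS_TCP DNS_TCP

! The inbound ACL on dmz is checked against the real (untranslated) destination
! on 8.3+, so permit the DNS server itself, not the interface address.
access-list DMZ_IN extended permit udp object DMZ_HOSTS object DNS_SERVER eq domain
access-list DMZ_IN extended permit tcp object DMZ_HOSTS object DNS_SERVER eq domain
access-group DMZ_IN in interface dmz

! Verify the translation path before relying on it (assumed DMZ interface IP
! 192.0.2.1 and a sample DMZ host 192.0.2.10):
! packet-tracer input dmz udp 192.0.2.10 40000 192.0.2.1 53
```

Check the `packet-tracer` output for a NAT phase that shows the destination rewritten to 10.10.10.53 and an ALLOW result; if the packet is instead consumed as to-the-box traffic, the rule is not matching and the objects or interface names need adjusting. The same destination-translation pattern is the only way to "redirect" the tcp/80 proxy traffic in question (b): the ASA does not perform HTTP proxying itself, so that traffic can only be forwarded to a real proxy server.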