Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Firewall & DNS Records

I have this Senario as in attatchemnt

     i have WEB Server into the Inside Network is NAT to Outside

     when a client in the Outside Trying to Use the Resolved IP from the DNS the DNS reply by the IP that on the Inside for the Server itself before NAT

     Any Idea to prevent the ASA5510 to Send the Inside IP tp the Outside DNS???

Everyone's tags (2)
1 ACCEPTED SOLUTION

Accepted Solutions
VIP Purple

Firewall & DNS Records

You have to correct that on the DNS-server. There the public IP should be configured.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
7 REPLIES
New Member

Firewall & DNS Records

Hi Ahmad,

If you have static NAT translating outside IP to the inside one ASA will not send inside IP to the outside DNS.

But this is not very clear and I am not sure if I properly understood your post, so can you include your NAT config please?

Regards

Mariusz

New Member

Firewall & DNS Records

Hello

     thank you for your Concern

     when i run NSLOOKUP from the Client on the OutSide with the name of the WEB Server its Reply by the Internal IP Before NAT (LOCAL IP)

its Happen With me in 2 Different Sites

VIP Purple

Firewall & DNS Records

There is no communication between the ASA and the DNS-server. So the ASA doesn't send anthing to the DNS.

Regarding to your diagram, the DNS-server has a mapping to the internal address. A public DNS should always be configured with the public IP which would be 192.168.100.200 in your case. With that, the outside client would resolve the name to the right IP.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
New Member

Firewall & DNS Records

but its happen when you run cmd "nslookup" its reply by intenal IP noth the Global IP any idea

VIP Purple

Firewall & DNS Records

You have to correct that on the DNS-server. There the public IP should be configured.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
New Member

Firewall & DNS Records

this is what i use to do each time

VIP Purple

Firewall & DNS Records

What do you mean with "each time"? Is your change not permanent? What kind of DNS-server is it?

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
296
Views
0
Helpful
7
Replies