Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
368
Views
0
Helpful
1
Replies

Inside-Outside-Inside Routing

oneirishpollack
Level 1
Level 1

‎08-24-2009 07:22 AM - edited ‎03-11-2019 09:08 AM

We have a server in our DMZ called "Sue". Our wireless clients' DHCP scope has a private inside address, but a single DNS entry for a server on the outside.

The outside DNS server has a record for "Sue"'s public address. So when an inside wireless client resolves "Sue" it translates to the public address, and when the the inside client tries to access it using that address, it is blocked.

Does this sound right?

Why is that?

Does this make sense?

Labels:
0 Helpful
1 Reply 1

suschoud
Cisco Employee
Cisco Employee

‎08-24-2009 05:15 PM

Hi,

We call this dns doctoring ( resolving the above issue ).

Through this,basically when inside client tries to access SUE,the ip address which external dns server sends back is public but ASA convert it to private ip of SUE.

you would have a static command in ASA/PIX

static (dmz,outside) < private ip of sue>

Remove this static and add :

static (dmz,outside) < private ip of sue> DNS

For further reading,just search dns doctoring on cisco.

There is one more way,

static (dmz,inside) < private ip of sue>

through this,when inside comp. would receive public ip of SUE,then the above static command would send it to actual ip of SUE is dmz.

Please rate if helps.

Regards,

Sushil

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card