Re: NAT Problem from inside to inside with DNS entry (ASA)
With the existing "dns" keyword configured on the static statement, as well as DNS inspection enabled on the ASA global_policy, and if the DNS request and reply actually pass through the ASA, your internal host should be receiving the private IP address of the web server when performing DNS resolution.
The above statement is true if your internal host is using an external DNS server for the resolution of your web server, web.portal.com, and the DNS resolution goes through the ASA.
Basically, what will happen is that the internal host performs DNS resolution and the DNS request goes outbound towards the external DNS server. The external DNS server will reply with the public IP address, and once the DNS reply passes through the ASA, the ASA will inspect the DNS reply and modify the reply from the web server's public IP address to the private IP address. Once the internal host receives the DNS reply, the web.portal.com entry resolves to the private IP address.
Please let me know if you are not using the external DNS server to resolve the web.portal.com DNS, and the DNS request/reply does not go through the ASA.