I have two publicly accessible DNS servers that I am trying to put behind a PIX 501 to provide name resolution for the domains that we host. I can assign the public IP address to the WAN interface of the PIX and set up a static NAT to the internal address that has been assigned to the DNS server. I can run a sniffer and see there are lookup requests being passed to the DNS server from the PIX, but I am not seeing any responses from the DNS server or any non-authoritative lookup requests being made.
Hi. Static NAT and DNS access to the external IP address is all you need to allow lookups from the internet. If, while sniffing the packets, you are able to see DNS requests from external addresses reaching your DNS server but no response back, then the issue is most likely the DNS server itself. Make sure the DNS services are up and running, and also make sure the default gateway is properly configured.
Hi. I suggest mirroring the port of one of the DNS servers and looking at the packets using Ethereal. Basically you will need to check whether DNS requests are reaching the server and whether the server is sending the responses back.
If the server is in fact sending responses back, then the packets must be dropped in transit, and then you can start looking at whatever is between the firewall and the DNS server.
If the server is not sending responses back, then the issue is the server.
If the server is not receiving DNS requests at all from the Internet, then make sure that the access list applied to the outside interface allows DNS for the public address you are using on your static NAT commands.
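The three capture outcomes described in the replies above, as an added Python example that is not part of the original thread: it parses the DNS header of each captured UDP payload and matches queries to responses by client address and transaction ID. The addresses, names and packets are constructed sample data, and `dns_msg`, `parse_header` and `diagnose` are hypothetical helper names.

```python
import struct

SERVER = "192.168.1.10"  # assumed inside address of the DNS server (constructed)

def dns_msg(txid, qname, response=False):
    """Build a minimal DNS message (header + one A/IN question) for the sample."""
    flags = 0x8400 if response else 0x0100  # QR+AA for replies, RD for queries
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode() for l in qname.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def parse_header(payload):
    """Return (transaction id, is_response) from the 12-byte DNS header."""
    if len(payload) < 12:
        raise ValueError("truncated DNS header")
    txid, flags = struct.unpack("!HH", payload[:4])
    return txid, bool(flags & 0x8000)  # top bit of the flags word is QR

def diagnose(packets, server=SERVER):
    """packets: (src, dst, udp_payload) tuples seen on the server's mirrored port."""
    pending, answered = {}, 0
    for src, dst, payload in packets:
        try:
            txid, is_resp = parse_header(payload)
        except ValueError:
            continue  # skip truncated or non-DNS payloads
        if dst == server and not is_resp:
            pending[(src, txid)] = True      # query reached the server
        elif src == server and is_resp and pending.pop((dst, txid), None):
            answered += 1                    # server replied to a seen query
    if not pending and not answered:
        return "no-requests: check the outside access list and static NAT"
    if answered == 0:
        return "no-responses: check the DNS service and its default gateway"
    return "responses-sent: check the path between the server and the firewall"

# Constructed capture: two queries from Internet clients, no reply from the server.
SAMPLE = [
    ("198.51.100.7", SERVER, dns_msg(0x1A2B, "example.com")),
    ("198.51.100.9", SERVER, dns_msg(0x3C4D, "www.example.com")),
]

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```
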