Cisco Support Community
New Member

Remote DNS server across ASA

Hi guys,

I am hoping someone can reply to my query below.

We have got a new batch of servers, and they reside on a separate VLAN, 192.168.45.x.

Those servers are required to be registered on the DNS server located on the remote site (SITE 2). Please refer to the attached diagram. We also have a DNS server in our LAN, but these new servers will need to be in the domain in SITE 2.

Can anyone advise if I need anything else other than the following ACLs in the ASA firewall?

access-list inside extended permit udp host eq 53
access-list inside extended permit tcp host eq 53

Hall of Fame Super Silver

Your question and diagram imply you have a site-to-site VPN in place between the ASAs. In that case the access-list(s) called out by your cryptomap would be used to control the traffic. Typical configuration would be to allow to access via that VPN tunnel. Whatever route you take, both ends would need to have the access-list (and/or cryptomap) in place.

New Member

Hi Marvin,

Thank you for the reply.

We have a point-to-point connection. The routers shown in the diagram are managed by the service provider.

Is there no other config required other than the ACLs I have listed above?


Hall of Fame Super Silver

The ACL entries above will allow DNS queries across the provider link from your local site. We are assuming matching entries allow the communications on the remote end and that routing etc. is all in place.

You asked, however, about needing to be "registered" on the DNS server and in the domain. Also, your diagram mentions the server is a DHCP server, and you show it configured with the helper-address in your local core switch. DHCP uses TCP ports 67 and 68. When you say domain, if you are talking about a Windows domain, that is another set of ports.
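For anyone landing on this thread with the same question, here is a fuller ASA fragment that puts the two DNS entries from the first post together with the pieces the replies mention (binding the ACL to the interface, relayed DHCP, and a way to verify). This is an added example and is not configuration from the thread or from Cisco; the remote server address 10.2.0.10 and the core-switch relay address 192.168.45.1 are placeholders, since the post only gives the 192.168.45.x VLAN and the ACL name "inside".

```cisco
! Added example, not from the thread. Assumed addresses:
!   192.168.45.0/24  new server VLAN (from the post)
!   10.2.0.10        SITE 2 DNS/DHCP server (placeholder)
!   192.168.45.1     core switch SVI that sources relayed DHCP (placeholder)
!
! Scope the rule to the new server subnet and the one remote server only;
! "any" on either side grants far more than the requirement needs.
! TCP 53 is included because large responses and zone transfers fall back to TCP.
access-list inside remark DNS from new server VLAN to SITE 2 DNS server
access-list inside extended permit udp 192.168.45.0 255.255.255.0 host 10.2.0.10 eq 53
access-list inside extended permit tcp 192.168.45.0 255.255.255.0 host 10.2.0.10 eq 53
!
! Relayed DHCP from the core switch helper-address to the remote DHCP server.
! A relay forwards client requests as unicast UDP to port 67 (bootps);
! the ASA tracks state, so the reply to the relay needs no separate entry.
access-list inside remark DHCP relay from core switch to SITE 2 DHCP server
access-list inside extended permit udp host 192.168.45.1 host 10.2.0.10 eq bootps
!
! Windows domain membership needs more than DNS and DHCP: Kerberos (88),
! LDAP (389), SMB (445) and RPC (135 plus the dynamic RPC range) at least.
! Take the exact list from Microsoft's documentation for the domain
! controller version in use rather than guessing.
!
! Nothing above takes effect until the ACL is bound to the interface.
! Caveat: once an ACL is applied inbound on "inside", the implicit deny at
! the end drops every flow that is not listed, so add existing permitted
! traffic here before applying it, or the rest of the LAN loses access.
access-group inside in interface inside
!
! Verification from the ASA itself: walk a simulated query from one of the
! new servers through routing, ACL and NAT, then confirm the hit counters.
packet-tracer input inside udp 192.168.45.10 40000 10.2.0.10 53
show access-list inside
```

The packet-tracer line is the quickest way to check the whole path on the ASA before testing from a server; if it shows a drop at the ACL phase, the entry or the access-group binding is the problem, and if it passes but queries still fail, the issue is on the provider link or at the SITE 2 end, where matching entries and a route back to 192.168.45.0/24 are still required.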
