Traffic goes from ASA & comeback on same problem

Hi,

My internet link is connected to the Internet router, and below it a Cisco ASA 5520 is connected. The ASA is connected to a Cisco 4510 core switch below it.

Our web-based mail URL owa.test.com is hosted outside.

Let's suppose the ISP pool is 4.4.4.0/28 and the OWA server is statically NATed on the ASA to 4.4.4.4. Traffic from my machine goes to the internet through the same ISP with the help of PAT on the Cisco ASA, and the internet is working on my machine. If I want to access owa.test.com, or the IP directly, for mail access, it does not work, and it also does not ping. I suppose the ASA is blocking the returning traffic.

Is there any way for traffic to go out via the same firewall and come back on the same firewall port?

Please help us resolve it.

Thanks

Vinod Kumar Gupta

9810966625

Re: Traffic goes from ASA & comeback on same problem

Hi,

What I understand from your post is that the situation is the following:

  • You have a mail server on your inside network
  • It's NATed to a public IP from your ISP
  • The public IP has the DNS name owa.test.com associated with it
  • You are connecting to the mail server from your inside network with the DNS name?

If this is the case, can you please provide me with the following information:

  • The "static" command for the mail server (you can leave out the actual IPs if needed)
  • Is the DNS server your local computer uses located in the Internet or in your local network?

I think you will need the ASA to handle the DNS replies that are coming from a DNS server in the outside network.

This would require that you have a "dns" parameter in your "static" NAT command for the mail server.

For example, like this (presuming you are running software 8.2 or earlier):

    static (inside,outside) 4.4.4.4 x.x.x.x netmask 255.255.255.255 dns

If you are running 8.3 or newer software, the same would be:

    object network MAIL-SERVER
     host x.x.x.x
     nat (inside,outside) static 4.4.4.4 dns

Hope this helps.

Please rate if it was of any help

- Jouni
