Cisco Support Community
Community Member

NAT on ASA not functioning correctly - Help Please

Hi All,

We recently replaced our NAT Router (3660) with a resilient pair of ASA5520's. All is working well, except that when someone from the 'outside' does a lookup against an 'inside' DNS server, the TTL on the response is not getting re-written as it should.

What this means is that someone looks up a device and gets a valid DNS lookup with a TTL of say 24Hours. They use the connection, then go out for lunch or something and come back. When they try to connect to the device again, the DNS lookup has not expired, but the NAT translation on the ASA has, so they are unable to connect.

This worked perfectly on the 3660 (it reset the TTL on all DNS responses to 0 by default!). However we are unable to find out how to do this on the ASA's.

Please can anyone help? This is really badly affecting people connecting into our Organisation, and if we can't find the resolution soon we will have to rip out the ASA's.

Many Thanks in Advance.
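The behaviour the post describes (the old router resetting the TTL of DNS responses so clients re-resolve before the NAT translation ages out) as an added example in Python; this is not code from the thread, from Cisco, or from any ASA feature, and the sample DNS response, the 24-hour TTL and the 192.0.2.10 address are constructed for illustration. It parses a DNS response on the wire, walks the question and resource-record sections (including compression pointers), and clamps each answer TTL down to a configured maximum, leaving an EDNS OPT pseudo-record alone because its TTL field carries flags rather than a lifetime.

```python
from __future__ import annotations
import struct

TYPE_OPT = 41  # EDNS OPT pseudo-RR: its "TTL" field holds extended RCODE/flags, never rewrite it


def build_sample_response(ttl: int = 86400) -> bytes:
    """Constructed DNS response: ID 0x1234, flags 0x8180 (standard response, RD+RA),
    one question 'host.example.com A IN', one A answer with the given TTL (default 24h)."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    labels = b"host.example.com".split(b".")
    qname = b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"
    question = qname + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN
    # Answer name is a compression pointer (0xC00C) back to the question name at offset 12.
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + bytes([192, 0, 2, 10])
    return header + question + answer


def skip_name(msg: bytes, offset: int) -> int:
    """Return the offset just past the (possibly compressed) domain name at `offset`."""
    while True:
        length = msg[offset]
        if length == 0:  # root label terminates an uncompressed name
            return offset + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, and the name ends here
            return offset + 2
        offset += 1 + length


def clamp_ttls(msg: bytes, max_ttl: int) -> tuple[bytes, list[int]]:
    """Rewrite every answer/authority/additional RR TTL greater than max_ttl down to max_ttl.
    Returns the rewritten message and the list of TTLs seen before rewriting (OPT excluded)."""
    _id, _flags, qdcount, ancount, nscount, arcount = struct.unpack_from("!HHHHHH", msg, 0)
    out = bytearray(msg)
    offset = 12
    for _ in range(qdcount):
        offset = skip_name(msg, offset) + 4  # QTYPE + QCLASS
    seen: list[int] = []
    for _ in range(ancount + nscount + arcount):
        offset = skip_name(msg, offset)
        rtype, _rclass, ttl, rdlength = struct.unpack_from("!HHIH", msg, offset)
        if rtype != TYPE_OPT:
            seen.append(ttl)
            if ttl > max_ttl:
                # TTL sits 4 bytes into the fixed RR fields (after TYPE and CLASS)
                struct.pack_into("!I", out, offset + 4, max_ttl)
        offset += 10 + rdlength  # fixed fields + RDATA
    return bytes(out), seen


if __name__ == "__main__":
    original = build_sample_response(86400)
    rewritten, before = clamp_ttls(original, 0)  # 0 mirrors what the post says the 3660 did
    _, after = clamp_ttls(rewritten, 0)
    print(f"TTLs before: {before}, after: {after}")
```

Run as a script it prints the 24-hour TTL before rewriting and 0 afterwards. The value passed as `max_ttl` is the policy knob: it should be no larger than the idle timeout of the translation the client will reuse, so that a cached record cannot outlive the NAT entry the post describes expiring over lunch.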


Re: NAT on ASA not functioning correctly - Help Please

Pinging to test questionable operation of a network device? A ping may be initiated from an adaptive security appliance interface to a network device that is suspected to be functioning incorrectly. If the interface is configured correctly and an echo is not received, there may be problems with the device.

Community Member

Re: NAT on ASA not functioning correctly - Help Please

I think you've mis-posted! :)
