NAT on ASA not functioning correctly - Help Please
We recently replaced our NAT Router (3660) with a resilient pair of ASA5520s. All is working well, except that when someone from the 'outside' does a lookup against an 'inside' DNS server, the TTL on the response is not getting re-written as it should.
What this means is that someone looks up a device and gets a valid DNS lookup with a TTL of say 24 hours. They use the connection, then go out for lunch or something and come back. When they try to connect to the device again, the DNS lookup has not expired, but the NAT translation on the ASA has, so they are unable to connect.
This worked perfectly on the 3660 (it reset the TTL on all DNS responses to 0 by default!). However, we are unable to find out how to do this on the ASAs.
Please can anyone help? This is really badly affecting people connecting into our Organisation, and if we can't find the resolution soon we will have to rip out the ASAs.
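The mismatch described in this post can be checked offline against a captured DNS response. The following is an added example, not code from the poster or from Cisco: it parses the answer TTLs, flags those that outlive a NAT translation timeout, and shows the TTL-to-0 rewrite the post attributes to the 3660. The sample packet, the function names and the 3-hour timeout value are constructed assumptions, and the code does not configure an ASA.

```python
import struct

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:          # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + n                  # length byte plus label bytes
        if n == 0:                    # root label ends the name
            return off

def answer_ttls(msg):
    """Return [(offset_of_ttl_field, ttl)] for every answer record."""
    qd, an = struct.unpack_from("!HH", msg, 4)
    off = 12                          # fixed DNS header length
    for _ in range(qd):
        off = skip_name(msg, off) + 4 # skip QTYPE and QCLASS
    out = []
    for _ in range(an):
        off = skip_name(msg, off)
        _type, _cls, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        out.append((off + 4, ttl))
        off += 10 + rdlen
    return out

def outliving(msg, xlate_timeout_s):
    """TTLs that let a client cache the address longer than the translation lives."""
    return [ttl for _, ttl in answer_ttls(msg) if ttl > xlate_timeout_s]

def zero_ttls(msg):
    """Copy of the response with every answer TTL set to 0 (no client caching)."""
    buf = bytearray(msg)
    for pos, _ in answer_ttls(msg):
        struct.pack_into("!I", buf, pos, 0)
    return bytes(buf)

# Constructed sample: response "host.example. A 192.0.2.10" with a 24-hour TTL.
SAMPLE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + b"\x04host\x07example\x00" + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 86400, 4) + bytes([192, 0, 2, 10])
)
XLATE_TIMEOUT_S = 3 * 3600            # assumed translation idle timeout

if __name__ == "__main__":
    print("TTLs outliving the translation:", outliving(SAMPLE, XLATE_TIMEOUT_S))
    print("after rewrite:", answer_ttls(zero_ttls(SAMPLE)))
```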
Re: NAT on ASA not functioning correctly - Help Please
Pinging to test questionable operation of a network device? A ping may be initiated from an adaptive security appliance interface to a network device that is suspected to be functioning incorrectly. If the interface is configured correctly and an echo is not received, there may be problems with the device.