Cisco Support Community
Community Member

ASA Forwarding Internal IP's to DNS

I have a new ASA 5505 that I am configuring to protect an internal LAN segment. Everything is working well, except when I ping the name of a PC that is behind the firewall, DNS returns the internal address of the PC (192.168.1.XXX) instead of its external (10.23.22.XXX) IP. Why is that happening, and how do I stop it? Thanks for any help very much!

4 REPLIES
VIP Purple

It could be the DNS doctoring on the ASA. Look for the keyword "dns" at the end of your NAT statements and remove them.

Community Member

Thanks very much - I removed the dns statement and it didn't seem to work.

Community Member

If there actually were "DNS" keywords at the end of the NAT statements, then I'm pretty sure that was the issue.

 

At this point, you may need to clear the xlate or flush DNS on your hosts. It could just be stale state.

Community Member

I agree with Karsten.

See this document: http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/72273-dns-doctoring-3zones.html

Do a search for "DNS Doctoring with the "dns" Keyword" and go to that section.
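To make the advice in this thread concrete, here is an added configuration example (not from the thread or from Cisco's document) showing the same static NAT for one inside host, first with the `dns` keyword that enables DNS doctoring and then without it, followed by the clean-up and verification commands. It assumes ASA 8.3+ object NAT syntax, a DNS server on the outside, and constructed addresses (192.168.1.10 real, 10.23.22.10 mapped) chosen to match the subnets in the question.

```cisco
! Added example, not from the thread. ASA 8.3+ object NAT syntax assumed.
! Addresses are constructed to match the subnets in the question.

! --- With DNS doctoring enabled ---
! When a DNS reply carrying the mapped address 10.23.22.10 passes through
! the ASA toward an inside client, the A record is rewritten to 192.168.1.10.
! This is why inside hosts "see" the internal address.
object network PC-INSIDE
 host 192.168.1.10
 nat (inside,outside) static 10.23.22.10 dns

! --- Without DNS doctoring ---
! Re-entering the nat line on the same object replaces the previous one.
! DNS replies are now forwarded unchanged, so inside clients receive the
! same 10.23.22.10 the DNS server answered with.
object network PC-INSIDE
 host 192.168.1.10
 nat (inside,outside) static 10.23.22.10

! Existing translation slots and client resolver caches can keep the old
! answer alive after the change, which matches the "it didn't work" report.
clear xlate
! On a Windows client afterwards:  ipconfig /flushdns

! Verification: confirm no NAT rule still carries the dns flag, and that
! the host's translation has been rebuilt.
show running-config nat
show xlate
```

If `show running-config nat` still lists a rule ending in `dns` on another interface pair (for example a second static for the same host), that rule rewrites replies too and needs the same treatment.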

 
