https://community.cisco.com/t5/network-security/firewall-dns/m-p/2087447#M392095 <P>&nbsp; Hi, </P><P></P><P></P><P>I have Wireless Client (172.31.250.x) in corpx segment (Secuirty 91) which are trying to access the webmail which is published over the internet. Email Server is </P><P></P><P>located inside segment (security 100) on IP address (192.168.251.137). Clients are able to browse Internet fine but emails and Internal Applications are not working </P><P></P><P>because Public DNS is resolving the PUbic IP addresses of these applications. </P><P></P><P>I want my Wireless Client to access these Internal IP addresses and want to configure the firewall for this DNS issue. </P><P><BR />Current configuration for the email Server is this</P><P></P><P></P><P>access-list acl-out extended permit tcp any host xx.210.84.37 eq https</P><P><BR />static (inside,outside) xx.210.84.37 192.168.251.137 netmask 255.255.255.255 </P><P></P><P>static (inside,corpx) xx.210.84.37 192.168.251.137 netmask 255.255.255.255</P><P></P><P>nat (inside) 1 0.0.0.0 0.0.0.0</P><P></P><P>nat (corpx) 1 0.0.0.0 0.0.0.0</P><P></P><P>global (corpx) 1 interface</P><P></P><P>global (inside) 1 interface</P><P></P><P>There is no access-list on the corpx interface.</P><P></P><P>Kindly assist what I am missing. I want the email server to be available for the wireless cients as well as Internet and users over the Internet.</P> Tue, 12 Mar 2019 00:53:10 GMT wasiimcisco 2019-03-12T00:53:10Z https://community.cisco.com/t5/network-security/firewall-dns/m-p/2087447#M392095 <P>&nbsp; Hi, </P><P></P><P></P><P>I have Wireless Client (172.31.250.x) in corpx segment (Secuirty 91) which are trying to access the webmail which is published over the internet. Email Server is </P><P></P><P>located inside segment (security 100) on IP address (192.168.251.137). Clients are able to browse Internet fine but emails and Internal Applications are not working </P><P></P><P>because Public DNS is resolving the PUbic IP addresses of these applications. </P><P></P><P>I want my Wireless Client to access these Internal IP addresses and want to configure the firewall for this DNS issue. </P><P><BR />Current configuration for the email Server is this</P><P></P><P></P><P>access-list acl-out extended permit tcp any host xx.210.84.37 eq https</P><P><BR />static (inside,outside) xx.210.84.37 192.168.251.137 netmask 255.255.255.255 </P><P></P><P>static (inside,corpx) xx.210.84.37 192.168.251.137 netmask 255.255.255.255</P><P></P><P>nat (inside) 1 0.0.0.0 0.0.0.0</P><P></P><P>nat (corpx) 1 0.0.0.0 0.0.0.0</P><P></P><P>global (corpx) 1 interface</P><P></P><P>global (inside) 1 interface</P><P></P><P>There is no access-list on the corpx interface.</P><P></P><P>Kindly assist what I am missing. I want the email server to be available for the wireless cients as well as Internet and users over the Internet.</P> Tue, 12 Mar 2019 00:53:10 GMT https://community.cisco.com/t5/network-security/firewall-dns/m-p/2087447#M392095 wasiimcisco 2019-03-12T00:53:10Z https://community.cisco.com/t5/network-security/firewall-dns/m-p/2087448#M392101 <HTML><HEAD></HEAD><BODY><P>You need DNS-doctoring:</P><P></P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; font-family: Arial, verdana, sans-serif;"><SPAN style="font-family: 'courier new', courier; font-size: 10pt;">static (inside,outside) xx.210.84.37 192.168.251.137 netmask 255.255.255.255 <STRONG>dns</STRONG></SPAN></P><P></P><P>What's that rule for:</P><P style="background-color: #f7fafb; border-collapse: collapse; font-size: 12px; list-style: none; font-family: Arial, verdana, sans-serif;"><SPAN style="font-family: 'courier new', courier; font-size: 10pt;">static (inside,corpx) xx.210.84.37 192.168.251.137 netmask 255.255.255.255</SPAN></P><P></P><P>Do you really need that?</P><P></P><P></P><P>--&nbsp; <BR />Don't stop after you've improved your network! Improve the world by lending money to the working poor: <BR /><A class="jive-link-external-small" href="http://www.kiva.org/invitedby/karsteni" rel="nofollow">http://www.kiva.org/invitedby/karsteni</A></P></BODY></HTML> Mon, 28 Jan 2013 12:18:04 GMT https://community.cisco.com/t5/network-security/firewall-dns/m-p/2087448#M392101 Karsten Iwen 2013-01-28T12:18:04Z https://community.cisco.com/t5/network-security/firewall-dns/m-p/2087449#M392107 <HTML><HEAD></HEAD><BODY><P> Hi, </P><P></P><P>I tried the above command but no luck. </P><P></P><P>static (inside,outside) xx.210.84.37 192.168.251.137 netmask 255.255.255.255 dns</P><P></P><P>I have even removed the below mention commnad though the below command was DNS docotoring so that once the request hit on corpx interface it will redirect to inside interface towards the private IP address of exchange.</P><P></P><P>But both the options are not working. </P><P></P><P></P><P>Kindly assist. </P></BODY></HTML> Tue, 29 Jan 2013 03:36:20 GMT https://community.cisco.com/t5/network-security/firewall-dns/m-p/2087449#M392107 wasiimcisco 2013-01-29T03:36:20Z https://community.cisco.com/t5/network-security/firewall-dns/m-p/2087450#M392114 <HTML><HEAD></HEAD><BODY><P>did you clear the DNS caches on your PC?<BR /><BR /><BR />Sent from Cisco Technical Support iPad App</P></BODY></HTML> Tue, 29 Jan 2013 06:45:05 GMT https://community.cisco.com/t5/network-security/firewall-dns/m-p/2087450#M392114 Karsten Iwen 2013-01-29T06:45:05Z