https://community.cisco.com/t5/network-security/badly-explained-asa-question/m-p/2033702#M400139 <HTML><HEAD></HEAD><BODY><P>If we're talking a windows as a dns server here, just create a New Zone; Forward Lookup Zones &gt; New Zone... default setting should work for most deployment, so i suggest keep the default. In&nbsp; your case, companyname.com. Then point that zone ip address to the internal address of that server. Create a New Host (A or AAA) under that newly created zone then point it to its corresponding ip address.</P></BODY></HTML> Mon, 03 Sep 2012 21:17:50 GMT Jon Eyes 2012-09-03T21:17:50Z https://community.cisco.com/t5/network-security/badly-explained-asa-question/m-p/2033697#M400134 <P>Hi there - </P><P></P><P>we have just installed a new ASA and its great except for one little issue. The outside interface IP address has a DNS name in the outside world of office.companyname.com - with our users connecting their IPhones etc to exchange via office.companyname.com/exchange - this all still works when they are outside the network, but from inside the network this server is no longer accessible. If I ping this name from the inside of the network, the IP is resolved but then the ping times out.</P><P></P><P>Any ideas??? Hope that makes sense......probably havent explained it too well!! </P> Mon, 11 Mar 2019 23:47:36 GMT https://community.cisco.com/t5/network-security/badly-explained-asa-question/m-p/2033697#M400134 jdgriffiths 2019-03-11T23:47:36Z https://community.cisco.com/t5/network-security/badly-explained-asa-question/m-p/2033698#M400135 <HTML><HEAD></HEAD><BODY><P>James, </P><P></P><P>If it's a problem of DNS you can have a look either into DNS doctoring (available on ASA) or setting up multiple zones (bind name) on your DNS. </P><P></P><P>I guess you would have expected office...../exchange to go to internal server?</P><P></P><P>Hard to say more without actual config - if in doubt you always have TAC <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P><P></P><P>M.</P></BODY></HTML> Wed, 29 Aug 2012 18:51:44 GMT https://community.cisco.com/t5/network-security/badly-explained-asa-question/m-p/2033698#M400135 Marcin Latosiewicz 2012-08-29T18:51:44Z https://community.cisco.com/t5/network-security/badly-explained-asa-question/m-p/2033699#M400136 <HTML><HEAD></HEAD><BODY><P>Hi James,</P><P></P><P>Correct me if im wrong but the way i understand this in generality is your inside host/s is trying to connect to your firewall's outside interface/ip address.</P><P>By default ASA doesnt allow it. So you need to enable redirection/U-turning/Hairpinning</P></BODY></HTML> Thu, 30 Aug 2012 04:28:43 GMT https://community.cisco.com/t5/network-security/badly-explained-asa-question/m-p/2033699#M400136 Jon Eyes 2012-08-30T04:28:43Z https://community.cisco.com/t5/network-security/badly-explained-asa-question/m-p/2033700#M400137 <HTML><HEAD></HEAD><BODY><P>Thank you for the replies - we have an internal DNS server - all clients have this is their primary DNS. Would it be possible to create a "redirect" of some kind on the DNS to map requests for office.companyname.com/exchange to the internal name of the server, thus cutting the ASA out of the equation??? No idea how I would do this - not a server dude at all - any help would be appreciated!!! <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/happy.gif"></SPAN></P></BODY></HTML> Mon, 03 Sep 2012 19:46:32 GMT https://community.cisco.com/t5/network-security/badly-explained-asa-question/m-p/2033700#M400137 jdgriffiths 2012-09-03T19:46:32Z https://community.cisco.com/t5/network-security/badly-explained-asa-question/m-p/2033701#M400138 <HTML><HEAD></HEAD><BODY><P>James,</P><P></P><P>I think you just need some NAT configuration.</P><P></P><P>Can you share your config and let us know the source IP address and the server's private IP?</P><P></P><P>Regards,</P><P></P><P>Felipe.</P></BODY></HTML> Mon, 03 Sep 2012 21:02:47 GMT https://community.cisco.com/t5/network-security/badly-explained-asa-question/m-p/2033701#M400138 lcambron 2012-09-03T21:02:47Z https://community.cisco.com/t5/network-security/badly-explained-asa-question/m-p/2033702#M400139 <HTML><HEAD></HEAD><BODY><P>If we're talking a windows as a dns server here, just create a New Zone; Forward Lookup Zones &gt; New Zone... default setting should work for most deployment, so i suggest keep the default. In&nbsp; your case, companyname.com. Then point that zone ip address to the internal address of that server. Create a New Host (A or AAA) under that newly created zone then point it to its corresponding ip address.</P></BODY></HTML> Mon, 03 Sep 2012 21:17:50 GMT https://community.cisco.com/t5/network-security/badly-explained-asa-question/m-p/2033702#M400139 Jon Eyes 2012-09-03T21:17:50Z https://community.cisco.com/t5/network-security/badly-explained-asa-question/m-p/2033703#M400140 <HTML><HEAD></HEAD><BODY><P>Thank you Jonjon - worked nicely thank you. <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/happy.gif"></SPAN></P></BODY></HTML> Mon, 10 Sep 2012 10:33:16 GMT https://community.cisco.com/t5/network-security/badly-explained-asa-question/m-p/2033703#M400140 jdgriffiths 2012-09-10T10:33:16Z