https://community.cisco.com/t5/network-security/dns-doctoring-network-range/m-p/1970212#M401608 <HTML><HEAD></HEAD><BODY><P>Hi Bro</P><P>This is not possible. Let me explain why.</P><P></P><P>Firstly, it should be static (inside,dmz) not the other way around, unless of course you're doing a 2-way NAT which is not your case.</P><P></P><P>The statement static (inside,dmz) 10.10.10.0 20.20.20.0 netmask 255.255.255.0 means you're doing IP TRANSLATION, which is not what you're doing either.</P><P></P><P>The only reason you use DNS Doctoring, is so that LAN users are able to see the internal web servers as a private address (the real address) when the DNS client is on LAN.</P><P></P><P><A href="http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968c8.shtml#intro">http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968c8.shtml#intro</A></P><P></P><P></P><P>P/S: if you think this comment is useful, please do rate them nicely <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P></BODY></HTML> Thu, 26 Jul 2012 16:40:41 GMT Ramraj Sivagnanam Sivajanam 2012-07-26T16:40:41Z https://community.cisco.com/t5/network-security/dns-doctoring-network-range/m-p/1970211#M401607 <P>Hello</P><P></P><P>I find plenty of examples of host configurations, like...</P><P>static (dmz,inside) X.X.X.X Y.Y.Y.Y netmask 255.255.255.255 dns</P><P></P><P>Can I also configure it for networks, like...</P><P>static (dmz,inside) X.X.X.X Y.Y.Y.Y netmask 255.255.255.0 dns</P><P></P><P>The reason to deploy the network method would be when I don't know all the internal servers being targeted by clients.</P><P></P><P>Thanks you for helping me</P><P></P><P></P><P><STRONG style="color: #222222; font-family: arial, sans-serif; font-size: 13.333333969116211px; text-align: -webkit-auto; background-color: #ffffff;"> </STRONG></P> Mon, 11 Mar 2019 23:34:55 GMT https://community.cisco.com/t5/network-security/dns-doctoring-network-range/m-p/1970211#M401607 Walter1972_2 2019-03-11T23:34:55Z https://community.cisco.com/t5/network-security/dns-doctoring-network-range/m-p/1970212#M401608 <HTML><HEAD></HEAD><BODY><P>Hi Bro</P><P>This is not possible. Let me explain why.</P><P></P><P>Firstly, it should be static (inside,dmz) not the other way around, unless of course you're doing a 2-way NAT which is not your case.</P><P></P><P>The statement static (inside,dmz) 10.10.10.0 20.20.20.0 netmask 255.255.255.0 means you're doing IP TRANSLATION, which is not what you're doing either.</P><P></P><P>The only reason you use DNS Doctoring, is so that LAN users are able to see the internal web servers as a private address (the real address) when the DNS client is on LAN.</P><P></P><P><A href="http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968c8.shtml#intro">http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968c8.shtml#intro</A></P><P></P><P></P><P>P/S: if you think this comment is useful, please do rate them nicely <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P></BODY></HTML> Thu, 26 Jul 2012 16:40:41 GMT https://community.cisco.com/t5/network-security/dns-doctoring-network-range/m-p/1970212#M401608 Ramraj Sivagnanam Sivajanam 2012-07-26T16:40:41Z