https://community.cisco.com/t5/network-security/two-domains-dns/m-p/1258197#M858580 <HTML><HEAD></HEAD><BODY><P>Hi, there is our network sample configuration that is worked fine.</P><P></P><P>Outside) Public network IP 202.20.1.0/24 </P><P>(Inside) Pivate 192.168.100.0/24</P><P>*** Public IP 202.20.1.10 www nat map to private IP 192.168.100.10 www </P><P></P><P></P><P>access-list OUTSIDE extended permit tcp any host 202.20.1.10 eq www</P><P>!--- Simple access-list that permits HTTP access to the mapped</P><P>!--- address of the WWW server.</P><P></P><P>global (outside) 1 interface</P><P>nat (inside) 1 192.168.100.0 255.255.255.0</P><P>static (inside,outside) 202.20.1.10 192.168.100.10 netmask 255.255.255.255 dns</P><P>!--- PAT and static NAT configuration. The DNS keyword instructs</P><P>!--- the security appliance to rewrite DNS records related to this entry.</P><P></P><P>access-group OUTSIDE in interface outside</P><P>!--- The Access Control List (ACL) that permits HTTP access</P><P>!--- to the WWW server is applied to the outside interface.</P><P></P><P></P><P></P><P>policy-map type inspect dns MY_DNS_INSPECT_MAP</P><P>parameters</P><P>message-length maximum 512</P><P>!--- DNS inspection map.</P><P></P><P>policy-map global_policy</P><P>class inspection_default</P><P>inspect dns MY_DNS_INSPECT_MAP</P><P>!--- DNS inspection is enabled using the configured map.</P></BODY></HTML> Sun, 19 Jul 2009 08:12:32 GMT pccw258103 2009-07-19T08:12:32Z https://community.cisco.com/t5/network-security/two-domains-dns/m-p/1258193#M858573 <P>Hi, hope someone can help</P><P>I have a ASA 5510 with 2 domains connected to separate internal interfaces both NAT'ed to public IPs and one external interface with a public IP everything is working great apart from if one domain sends an email to the other.</P><P></P><P>Internal users on each domain resolve the other domain name to it's public ip. I have setup DNS rewrite but this has not solved the problem, all external users can access both domains.</P><P></P><P>Thanks</P><P>Jim</P> Mon, 11 Mar 2019 15:56:35 GMT https://community.cisco.com/t5/network-security/two-domains-dns/m-p/1258193#M858573 jwright 2019-03-11T15:56:35Z https://community.cisco.com/t5/network-security/two-domains-dns/m-p/1258194#M858576 <HTML><HEAD></HEAD><BODY><P>Hi, where do the DNS place at??</P><P>Internal Interfaces or Outside interfaces</P><P></P></BODY></HTML> Sun, 19 Jul 2009 04:09:58 GMT https://community.cisco.com/t5/network-security/two-domains-dns/m-p/1258194#M858576 pccw258103 2009-07-19T04:09:58Z https://community.cisco.com/t5/network-security/two-domains-dns/m-p/1258195#M858578 <HTML><HEAD></HEAD><BODY><P>Hi, where do the DNS place at??</P><P>Internal Interfaces or Outside interfaces</P><P></P></BODY></HTML> Sun, 19 Jul 2009 04:10:38 GMT https://community.cisco.com/t5/network-security/two-domains-dns/m-p/1258195#M858578 pccw258103 2009-07-19T04:10:38Z https://community.cisco.com/t5/network-security/two-domains-dns/m-p/1258196#M858579 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P>Outside interface DNS servers.</P><P>thanks </P></BODY></HTML> Sun, 19 Jul 2009 07:03:46 GMT https://community.cisco.com/t5/network-security/two-domains-dns/m-p/1258196#M858579 jwright 2009-07-19T07:03:46Z https://community.cisco.com/t5/network-security/two-domains-dns/m-p/1258197#M858580 <HTML><HEAD></HEAD><BODY><P>Hi, there is our network sample configuration that is worked fine.</P><P></P><P>Outside) Public network IP 202.20.1.0/24 </P><P>(Inside) Pivate 192.168.100.0/24</P><P>*** Public IP 202.20.1.10 www nat map to private IP 192.168.100.10 www </P><P></P><P></P><P>access-list OUTSIDE extended permit tcp any host 202.20.1.10 eq www</P><P>!--- Simple access-list that permits HTTP access to the mapped</P><P>!--- address of the WWW server.</P><P></P><P>global (outside) 1 interface</P><P>nat (inside) 1 192.168.100.0 255.255.255.0</P><P>static (inside,outside) 202.20.1.10 192.168.100.10 netmask 255.255.255.255 dns</P><P>!--- PAT and static NAT configuration. The DNS keyword instructs</P><P>!--- the security appliance to rewrite DNS records related to this entry.</P><P></P><P>access-group OUTSIDE in interface outside</P><P>!--- The Access Control List (ACL) that permits HTTP access</P><P>!--- to the WWW server is applied to the outside interface.</P><P></P><P></P><P></P><P>policy-map type inspect dns MY_DNS_INSPECT_MAP</P><P>parameters</P><P>message-length maximum 512</P><P>!--- DNS inspection map.</P><P></P><P>policy-map global_policy</P><P>class inspection_default</P><P>inspect dns MY_DNS_INSPECT_MAP</P><P>!--- DNS inspection is enabled using the configured map.</P></BODY></HTML> Sun, 19 Jul 2009 08:12:32 GMT https://community.cisco.com/t5/network-security/two-domains-dns/m-p/1258197#M858580 pccw258103 2009-07-19T08:12:32Z https://community.cisco.com/t5/network-security/two-domains-dns/m-p/1258198#M858581 <HTML><HEAD></HEAD><BODY><P>sample network diag</P><P></P><P> </P><P></P></BODY></HTML> Sun, 19 Jul 2009 08:41:28 GMT https://community.cisco.com/t5/network-security/two-domains-dns/m-p/1258198#M858581 pccw258103 2009-07-19T08:41:28Z https://community.cisco.com/t5/network-security/two-domains-dns/m-p/1258199#M858582 <HTML><HEAD></HEAD><BODY><P>Thanks for the example cofig and diagram, I have attached a layout of what I am trying to achieve, if company 1 send an email to company 2 it fails, or browses a web page hosted by the other company. I want the 2 companies to be separate although they are both using the same ASA.</P><P></P><P>Jim</P><P></P><P>Thanks</P><P>Jim</P><P></P><P> </P><P></P></BODY></HTML> Mon, 20 Jul 2009 07:46:12 GMT https://community.cisco.com/t5/network-security/two-domains-dns/m-p/1258199#M858582 jwright 2009-07-20T07:46:12Z