Dear community,
Just a quick question. I would like to implement the FQDN ACL feature. The ASA which I am using for this has a private IP address configured on its outside if.
Traffic initiated from the inside ifs will be static 1:1 NATted to a public IP range. Traffic initiated on the ASA itself (to query the configured DNS servers) will leave the outside if (according to the routing table) and carry its private IP as a source IP. There's a router behind this private subnet, which provides the actual Internet access. This router doesn't do any NAT; it expects the traffic to already be NATted to a specific public pool. I tried to NAT these DNS queries initiated from the ASA itself, but apparently this traffic doesn't hit any NAT rule I tried to configure.
Any ideas if this is just working as designed, or is it in any way possible to get this DNS traffic, originating at the ASA itself, to be NATted?
Thanks in advance!