I have looked at the following article on DNS doctoring and while it makes sense, it doesn't cover my scenario.
Basically I have an exchange server that is in my inside network and I have a NAT on the exchange box to the outside currently. I also have a DMZ area for a wireless guest network defined on the ASA. When a smartphone connects to the guest wireless their exchange email stops syncing because U-turn is disabled on the firewall by default. Is it possible to use DNS doctoring on the Public DMZ to translate my exchange box to its inside address?
Ok, so I have the following NATs:
static (inside,outside) tcp interface https 192.168.0.2 https netmask 255.255.255.255 dns
static (inside,public) 192.168.0.2 192.168.0.2 netmask 255.255.255.255
The machines in the public DMZ still get the outside interface IP when looking up my exchange box. It's not doctoring the request from the public to the exchange box.
Traffic from the DNS gets read by the ASA and would normally be routed out to the internet, but the ASA does a lookup and sees that there is a translation for it. It then looks up the NAT and routes it to the inside IP. Glad to hear it's working.
Let's assume that your outside interface IP address is: 184.108.40.206
static (inside,public) 220.127.116.11 192.168.0.2 netmask 255.255.255.255
Hope this helps.
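The behaviour the reply above describes, as an added Python model that is not from the thread or from Cisco: it treats the port static on (inside,outside) as a plain address static using the assumed outside address 184.108.40.206 from the reply, and compares the poster's identity static with the suggested one for a guest phone on the public interface.

```python
# Constructed model of ASA static NAT / DNS doctoring for this thread; not Cisco
# code. Interface names and addresses come from the posts; functions are hypothetical.
from dataclasses import dataclass

@dataclass(frozen=True)
class StaticNat:
    real_if: str       # interface of the real host, e.g. "inside"
    mapped_if: str     # interface on which the mapped address is used, e.g. "public"
    mapped_ip: str
    real_ip: str
    dns: bool = False  # the "dns" keyword: also rewrite matching DNS A records

def doctor_a_record(answer_ip: str, client_if: str, nats: list[StaticNat]) -> str:
    """Address a client on `client_if` sees in an A record after the ASA has
    inspected the reply: rewritten to the real IP only when a `dns` static maps
    that answer for the client's own interface, otherwise left unchanged."""
    for n in nats:
        if n.dns and n.mapped_ip == answer_ip and client_if == n.real_if:
            return n.real_ip
    return answer_ip

def translate_destination(dst_ip: str, ingress_if: str, nats: list[StaticNat]):
    """Where a packet entering on `ingress_if` for `dst_ip` ends up: the real
    host behind a static whose mapped address is used on that interface, or
    (None, dst_ip) meaning no translation, i.e. forwarded toward the outside."""
    for n in nats:
        if n.mapped_if == ingress_if and n.mapped_ip == dst_ip:
            return n.real_if, n.real_ip
    return None, dst_ip

OUTSIDE_IP = "184.108.40.206"
EXCHANGE = "192.168.0.2"

# The poster's configuration: identity static on (inside,public).
POSTED = [
    StaticNat("inside", "outside", OUTSIDE_IP, EXCHANGE, dns=True),
    StaticNat("inside", "public", EXCHANGE, EXCHANGE),
]
# The suggested fix: map the outside address to the Exchange host on the DMZ side.
SUGGESTED = [
    StaticNat("inside", "outside", OUTSIDE_IP, EXCHANGE, dns=True),
    StaticNat("inside", "public", OUTSIDE_IP, EXCHANGE),
]

def guest_phone_path(nats):
    """What a guest-wireless phone on 'public' gets: the A record it resolves
    for the Exchange host and where its connection to that address is sent."""
    resolved = doctor_a_record(OUTSIDE_IP, "public", nats)
    return resolved, translate_destination(resolved, "public", nats)
```

With the posted NATs the phone still resolves the outside address and its traffic has no matching translation on the public interface, which is the blocked U-turn; with the suggested static the same destination is translated to 192.168.0.2 on inside.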
That's what I don't understand. The only public DMZ NAT that I have is dynamic to the outside interface.
nat (Public) 10 0.0.0.0 0.0.0.0
I don't have any other nat to the public DMZ interface.