08-01-2010 02:54 AM - edited 03-11-2019 11:19 AM
Hi,
I am struggling with DNS resolution from a machine located in the DMZ. The inside machines are OK, but I want only one machine in the DMZ to be able to access the Internet. I have configured the following and I can use the IP address in the browser and pull up a page OK, but not using nslookup on the PC or via the browser. The PC has an external DNS server configured, 195.14.130.170. I configured the following but just can't get DNS queries to work. One extra complication is that there is a VPN configured and this same host is accessed via the VPN (this bit works OK). Have I configured this OK to allow the VPN to configure working and allow this host Internet access?
nat (dmz) 1 access-list dmz_nat_outbound
object-group service webservices tcp-udp
port-object eq www
port-object eq 443
port-object eq domain
access-list dmz_nat_outbound extended permit tcp 192.168.20.10 any object-group webservices
08-01-2010 05:44 AM
Can you run a packet tracer?
packet-tracer input inside udp 192.168.20.10 53 195.14.130.170 53 detailed
Also you could try this:
add another line to the access-list
access-list dmz_nat_outbound extended permit udp 192.168.20.10 any domain
08-04-2010 11:41 AM
Hi Rahgovin,
Thanks for responding, I noticed that I had specified TCP in the access list even though I had added domain to the port object group.
Thanks for your Help.
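The root cause in this thread is an ACE that names a tcp-udp object-group but is itself TCP-only, so UDP DNS never matches. As an added example (not from the thread or from Cisco), here is a small Python lint that parses ASA-style object-group and access-list lines and flags an ACL that permits port 53 over TCP without any UDP (or ip) entry for it; the config is reconstructed from the thread with the `host` keyword added, and the object-group name, ACL name and address are the thread's own.

```python
import re

# Constructed sample reproducing the thread's config: the object-group is tcp-udp,
# but the ACE referencing it is TCP-only, so UDP DNS (port 53) is never permitted.
SAMPLE_CONFIG = """\
object-group service webservices tcp-udp
 port-object eq www
 port-object eq 443
 port-object eq domain
access-list dmz_nat_outbound extended permit tcp host 192.168.20.10 any object-group webservices
"""

# The extra line the answer suggested, in ASA syntax (assumed form); appending it closes the gap.
UDP_DNS_ACE = "access-list dmz_nat_outbound extended permit udp host 192.168.20.10 any eq domain\n"

PORT_NAMES = {"www": 80, "http": 80, "https": 443, "domain": 53}

def port_number(token):
    return PORT_NAMES.get(token, int(token) if token.isdigit() else token)

def parse_service_groups(config):
    """Map object-group name -> set of ports from 'object-group service ...' blocks."""
    groups, current = {}, None
    for line in config.splitlines():
        m = re.match(r"object-group service (\S+) (tcp|udp|tcp-udp)$", line)
        if m:
            current = m.group(1)
            groups[current] = set()
        elif current and (m := re.match(r"\s+port-object eq (\S+)$", line)):
            groups[current].add(port_number(m.group(1)))
        elif not line.startswith(" "):   # any other top-level line ends the block
            current = None
    return groups

def ace_ports(rest, groups):
    """Ports an ACE permits: via a trailing object-group reference or an 'eq <port>' clause."""
    m = re.search(r"object-group (\S+)$", rest)
    if m:
        return groups.get(m.group(1), set())
    m = re.search(r"eq (\S+)$", rest)
    return {port_number(m.group(1))} if m else set()

def find_tcp_only_dns(config):
    """Return (acl, ace) pairs permitting port 53 over TCP with no udp/ip ACE for 53 in that ACL."""
    groups = parse_service_groups(config)
    aces = re.findall(r"^access-list (\S+) extended permit (tcp|udp|ip) (.+)$", config, re.M)
    dns_protocols = {}   # acl name -> protocols under which port 53 is permitted
    for acl, proto, rest in aces:
        if proto == "ip" or 53 in ace_ports(rest, groups):
            dns_protocols.setdefault(acl, set()).add(proto)
    return [(acl, f"permit {proto} {rest}") for acl, proto, rest in aces
            if proto == "tcp" and 53 in ace_ports(rest, groups)
            and not dns_protocols[acl] & {"udp", "ip"}]
```

Running `find_tcp_only_dns(SAMPLE_CONFIG)` reports the TCP-only ACE; with `UDP_DNS_ACE` appended it reports nothing.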