08-21-2018 08:33 AM - edited 02-21-2020 08:08 AM
Hi,
I have initialized a 5506X without initializing the FirePOWER module, as I don't need it.
For testing, I didn't change much in the default settings. I have added public DNS to the dhcpd setting so the inside computer will use public DNS for internet access.
Attached is the test config.
The internal computer can get an IP and the public DNS from the ASA's DHCP successfully, but cannot resolve any website. But I can ping them by IP.
Any idea?
I suppose all inside-to-outside connections are already allowed because of the security level.
Do I need to add an access list to allow outbound DNS queries?
Thanks,
Roy
08-21-2018 09:55 AM
You do not need an ACL to allow outbound traffic (higher to lower security). Can you ping the ISP provided DNS server? Try setting the DNS server to a known public DNS like 8.8.8.8 as a test.
Also run a packet tracer as below:
packet-tracer input <interface-name> udp <dhcp-ip> 53 <isp-dns> 53 detailed
08-23-2018 12:59 AM
Dear Rahul,
... it's a stupid mistake, there is a typo in the DNS server IP...
Thanks,
Roy