09-13-2022 01:10 AM
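As shown in the diagram, there is no DNS server on the LAN; clients use an external DNS address handed out by the ASA via DHCP. There is a server on the internal network, on the same LAN as the clients. The requirement is that the Client can access the www server by computer name (or domain name) demo.mydomain.com. How should the ASA be configured? There are too many clients, so editing the hosts file is not an option.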
09-13-2022 01:24 AM
One important point: the www server must not be published to the Internet.
09-13-2022 01:37 AM
Hey.
Have a look at this link; Cisco has already shown the configuration for this setup.
09-13-2022 01:52 AM - edited 09-13-2022 01:55 AM
Depending on whether you want the server to get back to the client with its public or private IP address, you can apply one of the following solutions:
To be able to reach the internal server with its public IP and get the replies sourcing from the server's public IP:
nat (inside,inside) source dynamic < LAN subnet object > interface destination static < Server public IP object > < Server private IP object >
nat (inside,outside) source static < Server private IP object > < Server public IP object >
nat (inside,outside) after-auto source dynamic < LAN subnet object > interface
To be able to reach the internal server with its public IP and get the replies sourcing from the server's private IP:
nat (inside,any) source static < Server private IP object > < Server public IP object >
nat (inside,outside) source dynamic < LAN subnet object > interface