Re: cisco ASA can not resolve domain name

fwadmin · ‎09-14-2020

domain-name fortinet.com
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
shutdown
no nameif
security-level 100
no ip address
!
interface Vlan2
nameif manage
security-level 80
ip address 172.16.0.2 255.255.255.0
!
interface Vlan100
description inside interface
nameif inside
security-level 100
ip address 192.168.15.1 255.255.255.0
!
interface Vlan300
nameif outside
security-level 0
ip address 207.245.44.98 255.255.255.248
!
interface Ethernet0/0
description outside interface
switchport access vlan 300
speed 100
duplex full
!
interface Ethernet0/1
description inside interface
switchport access vlan 100
speed 100
duplex full
!
interface Ethernet0/2
description management
switchport access vlan 2
speed 100
duplex full
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
dns domain-lookup outside
dns server-group DefaultDNS
name-server 208.91.112.52
name-server 208.91.112.53
domain-name fortinet.com
access-list inside_access_in extended permit ip 192.168.15.0 255.255.255.0 any
access-list inside_nat_outbound extended permit ip 192.168.15.0 255.255.255.0 any
pager lines 24
logging enable
logging buffered alerts
logging asdm informational
mtu manage 1500
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-621.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 access-list inside_nat_outbound
access-group inside_access_in in interface inside
!
router rip
!
router ospf 1
log-adj-changes
!
route outside 0.0.0.0 0.0.0.0 207.245.44.97 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 outside
http 0.0.0.0 0.0.0.0 inside
http 172.16.0.0 255.255.255.0 manage
http 207.245.44.98 255.255.255.255 outside
no snmp-server location
no snmp-server contact

balaji.bandi · ‎09-15-2020

Quick test :

do you have reachability to below IP address : ( try ping that IP form ouside interface and test it)

name-server 208.91.112.52
name-server 208.91.112.53

if not change to google dns and test it

no name-server 208.91.112.52
no name-server 208.91.112.53
name-server 8.8.8.8

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

fwadmin · ‎09-15-2020

Yes I do:

Result of the command: "ping 208.91.112.52"

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 208.91.112.52, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/20/20 ms

Result of the command: "ping 208.91.112.53"

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 208.91.112.53, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/20/20 ms

Result of the command: "ping google.com"

ping google.com
^
ERROR: % Invalid Hostname

Result of the command: "ping 8.8.8.8"

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/14/20 ms