Re: Cisco ASA-Ping from the DMZ DNS srv local IP to DMZ DNS srv public

Maksim Zaikin · ‎08-01-2022

Hi Friends,

I'm sandboxing with the ASA 5510. Was successfully configured inside, outside, dmz interfaces, between interface pings, as well as pings from the internet to the dmz translated server sitting behind the public IP, so, so far so good, however i was trying to add some feature and it literally blow my mind. Here is the problem:

my dns server dmz ip is 192.168.1.5

my dns public ip address is 8.8.8.8 (I hope everyone understand that the addresses i use in the example are mad up)

I need to ping my dns public ip from my dns server's console. Weird thing I can not do that

I can ping my dns public IP from inside net

I can ping my DNS public IP from the internet

The global root DNS servers can communicate with my DNS server and transfer primary zone with no issues

But I can ping the my dns server from my dns server via it public IP.

Could you please show me the working example so I could understand what I did wrong. I really don't want to publish my config due to the varaety of reasons, thus I'm asking you to show me basic steps required to have this work(ping from the DMZ DNS severer local ip to DMZ DNS server public IP )

NOTE the ASA public IP and DNS public IP are different

Appreciate your help in advance,

Best regards,

Maks.

MHM Cisco World · ‎08-02-2022

can you more elaborate

Marius Gunnerud · ‎08-02-2022

Check your NAT statements, I would assume that you have a NAT for your DNS private IP to DNS public IP from inside to DMZ. Could you check this and let us know?

--
Please remember to select a correct answer and rate helpful posts

Cisco ASA-Ping from the DMZ DNS srv local IP to DMZ DNS srv public IP