DNS doctoring issue on FTD

surugupt
Cisco Employee
    • Users are trying to access the internal server pcs.savvas.com from one of their remote locations. The server is hosted on a private DNS.
    • When pcs.savvas.com resolves to the public IP 8.20.x.x, users are experiencing issues accessing the application.
    • When pcs.savvas.com resolves to the private IP, no issues are observed.
4 Replies

What is your question? Your bullet point 2 is exactly what DNS doctoring is designed to solve. But the DNS request has to flow through the device that does the NAT for this server.

Hi, thank you for your response. I verified the existing NAT rule, which is a Manual NAT rule of type Static, and verified the Access Control Policy (ACP) for pcs.savvas.com on the customer's device. I also wanted to mention that the DNS server is in the inside network.
The NAT rule was created correctly. I'm wondering what other things I should check to help the customer.

Things to check:

  • Does the DNS request flow through the NAT firewall?
  • Is DNS doctoring enabled?
  • Capture the DNS response on both FTD interfaces and see if the IP gets rewritten.

This option is needed.

Screenshot (161).png
