ā09-19-2014 03:38 PM - edited ā03-11-2019 09:47 PM
I currently have a NAT statement on my firewall for a public facing server which looks like this:
nat (any,any) source static any any destination static server_ext_ip server_int_ip
Typically I believe this would be better off as an object NAT but for now this works, however I need my inside clients to access this server via it's external/public IP. I am using an external DNS server. Would simply adding the "dns" command at the end of this solve my issue?
Solved! Go to Solution.
ā09-20-2014 12:54 PM
If the URL your users are using to access the server resolves to the public IP and your DNS server is external, then adding the dns keyword at the end of the NAT statement will solve your issue.
Also keep in mind that if the server is located off a different ASA interface (i.e. in a DMZ) then you need to make sure that your inside interface ACL permits traffic to the private IP of the server.
--
Please remember to select a correct answer and rate helpful posts
ā09-20-2014 12:10 PM
Hi
If you want users to access the server through the public IP, just leave it as it is. DNS rewrite, rewrites the DNS response so that users can access the server through the local IP address instead of the public.
ā09-20-2014 12:54 PM
If the URL your users are using to access the server resolves to the public IP and your DNS server is external, then adding the dns keyword at the end of the NAT statement will solve your issue.
Also keep in mind that if the server is located off a different ASA interface (i.e. in a DMZ) then you need to make sure that your inside interface ACL permits traffic to the private IP of the server.
--
Please remember to select a correct answer and rate helpful posts
ā09-23-2014 11:54 AM
I applied the "dns" command to my NAT statements and it is now working as needed. I did have to change the statement from:
nat (any,any) source static any any destination static server_ext_ip server_int_ip
to
nat (any,any) source static server_ext_ip server_int_ip dns
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide