05-29-2013 11:03 AM - edited 03-11-2019 06:50 PM
Hello,
I have an email server which has private IP address 192.168.50.10 and public IP 87.39.240.239.
From inside I can ping 192.168.50.10 but cannot ping 87.39.240.239.
But from the internet I can ping 87.39.240.239 and can access the email server.
I have allowed "permit ip any any" on the inside and outside interfaces for testing. I have the below entries:
static (inside,outside) 87.39.240.238 192.168.50.10 netmask 255.255.255.255 dns
static (inside,inside) 87.39.240.238 192.168.50.10 netmask 255.255.255.255 dns
I removed the dns keyword and tested it; it is still not working. From outside, the email server is working fine.
Please advise on this issue. How can I access the email server via its public IP address? (The internal DNS server is configured for the email URL with public IP address 87.39.240.239.)
Regards,
Parvez
05-29-2013 11:13 AM
Hi Parvez,
You may also need to enable DNS inspection (if not done already). Check the link below.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml
Thx
MS
05-29-2013 11:14 AM
Hi,
Either the internal DNS server has to return the local IP address of the server (since the ASA can't do DNS doctoring, as it doesn't see the DNS query and reply), or you will have to add some configuration to make it possible for the LAN host to access the server with its public NAT IP address.
If you for example have this Dynamic PAT configuration at the moment
global (outside) 1 interface
nat (inside) 1 192.168.50.0 255.255.255.0
THEN you could add
global (inside) 1 interface
and
same-security-traffic permit intra-interface
and you might possibly now be able to access the server with its public IP address from the LAN.
You will naturally also need the Static NAT configurations you mention above.
- Jouni
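An added example, not part of any post in this thread: a Python check that a config in the static/global/nat syntax quoted above contains the pieces Jouni lists for reaching the server by its public address from the LAN, and that each static maps the server to the address internal DNS hands out. The function name, its parameters and the combined sample config are constructed for illustration.

```python
import re

# Constructed sample: the config lines quoted in this thread, combined.
SAMPLE_CONFIG = """\
global (outside) 1 interface
nat (inside) 1 192.168.50.0 255.255.255.0
static (inside,outside) 87.39.240.238 192.168.50.10 netmask 255.255.255.255
static (inside,inside) 87.39.240.238 192.168.50.10 netmask 255.255.255.255
"""

STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) (\S+) (\S+) netmask (\S+)")
GLOBAL_RE = re.compile(r"^global \((\w+)\) (\d+) ")
NAT_RE = re.compile(r"^nat \((\w+)\) (\d+) ")

def check_hairpin(config, server_ip, public_ip, lan_if="inside"):
    """Return a list of findings; an empty list means every piece is present."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    statics = [m.groups() for m in map(STATIC_RE.match, lines) if m]
    globals_ = {(m.group(1), m.group(2)) for m in map(GLOBAL_RE.match, lines) if m}
    nat_ids = {m.group(2) for m in map(NAT_RE.match, lines) if m and m.group(1) == lan_if}
    findings = []
    # The ASA must be allowed to send traffic back out the interface it arrived on.
    if "same-security-traffic permit intra-interface" not in lines:
        findings.append("missing: same-security-traffic permit intra-interface")
    # LAN clients must be translated on the way back into the LAN; otherwise
    # the server answers them directly and the reply bypasses the firewall.
    if not any((lan_if, i) in globals_ for i in nat_ids):
        findings.append(f"missing: global ({lan_if}) <id> interface for nat ({lan_if}) <id>")
    if not any(s[0] == lan_if and s[1] == lan_if and s[3] == server_ip for s in statics):
        findings.append(f"missing: static ({lan_if},{lan_if}) for {server_ip}")
    # Every static for the server should use the address clients resolve.
    for real_if, mapped_if, mapped, real, _mask in statics:
        if real == server_ip and mapped != public_ip:
            findings.append(
                f"static ({real_if},{mapped_if}) maps {real} to {mapped}, not {public_ip}")
    return findings

if __name__ == "__main__":
    for finding in check_hairpin(SAMPLE_CONFIG, "192.168.50.10", "87.39.240.239"):
        print(finding)
```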