Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
839
Views
0
Helpful
2
Replies

DNS Doctoring on ASA

Ivan Marinovic
Level 1
Level 1

‎12-10-2018 05:06 AM - edited ‎02-21-2020 08:33 AM

Hi,

 

I have one computer on the local network, and it needs to be available local and public so I crate:

 

object network x.x.x.x-10.1.4.157
host 10.1.4.157
nat (inside,outside) static x.x.x.x dns

 

College add entry to DNS (only public IP) and I am unable to access this computer locally. From Outside it is working.

 

Did I miss something?

 

This is done on ASA-5545-X.

 

p.s. when I chang local DNS to 8.8.8.8 everything is working ok!

 

Best Regards,

Ivan

 

 

 

 

 

 

0 Helpful
2 Replies 2

mkazam001
Level 3
Level 3

‎12-10-2018 05:18 AM

might be helpful:

https://community.cisco.com/t5/routing/dns-doctoring-asa-5505/m-p/3400551

regards, mk

0 Helpful

Ivan Marinovic
Level 1
Level 1
In response to mkazam001

‎12-10-2018 10:44 PM

Hi, thanks for reply my config is:

policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 4096
no tcp-inspection
policy-map global_policy
class inspection_default
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect pptp
inspect esmtp
inspect ftp
inspect dns preset_dns_map
class sfr
sfr fail-open monitor-only
class class-default
user-statistics accounting


Nat-rewrite is enable (i check it on ASDM) but in sh ru is not writen.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card