
DNS Doctoring + Site to Site VPN

My reading seems to suggest that DNS Doctoring will be incompatible across a site-to-site VPN with an overlapping network range.

I wish to set up an AD trust / DNS Forwarding between 2 x sites. I have a Domain Controller / DNS server on Site A: and a remote site, Site B: (reachable via a site-to-site VPN) that needs to access it. The problem is that Site B is connected to a WAN on which another office is connected that also uses Clearly NAT is required to translate the overlapping address space between Site A and B.

When building the crypto ACL using twice NAT, I don't believe that I can use DNS doctoring to translate the A record for to as Object NAT (with the DNS keyword) won't be matched, i.e. twice NAT will take priority. See end of the following URL.

I'm assuming that my best course of action is to use a second Firewall behind my ASA (VPN Firewall) to do the translation of the A Record for the remote site and then the ASA (VPN Firewall) for the VPN itself.

Can anyone offer any guidance please?

Regards
Darren