07-02-2007 04:49 AM - edited 03-11-2019 03:38 AM
Hi
I have a problem with DNS resolution with the ASA 5510. The DNS server is inside the LAN (x.y.11.0/24) and MPLS clients are coming from a DMZ segment. There is an MPLS router between the MPLS cloud and the ASA, the DMZ is x.y.0.0/24 and the DNS server is statically NATted with an x.y.0.0 subnet IP. Everything is working fine, except DNS is not resolving the name requests coming from MPLS. The request is reaching the DNS server, but when replying the DNS server gives an x.y.11.0 IP, which is not crossing the FW. I cannot do the identity NAT for the x.y.11.0 IP as we would have to make changes all over the MPLS network, which is not feasible as the number of locations is more than 100.
If anybody has the workaround, please reply. Thanks in advance.
Regards
Reddy
07-02-2007 03:10 PM
Please post a scrubbed config.
07-02-2007 10:56 PM
Hi .. let me see if I have got it right ..?
you are basically trying to access a DNS server on your inside LAN from a network located on the DMZ .. correct ..?
I am assuming that the security level of the inside is higher than the DMZ right ..?
you should have a one to one static NAT like this ..
static (inside,dmz) x.y.?.? x.y.11.? netmask 255.255.255.255
then if you are getting the DNS request hitting the DNS server, the issue is more likely that the DNS server does not know how to get back to the MPLS segment .. packets from the DNS server should be reaching the inside interface of the ASA on their way back to the MPLS cloud .. can you see that happening in the ASDM logs ..?
I hope it helps .. please rate it if it does !!!
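As an added illustration of the one-to-one static NAT the reply above describes (this is not configuration from either poster, and the host addresses x.y.0.10 and x.y.11.10 are constructed placeholders in the thread's own x.y.0.0/24 and x.y.11.0/24 ranges), the ASA 7.x-style lines would look like this. The trailing `dns` keyword is an ASA option that additionally rewrites the A record in DNS replies passing through that translation, which is the symptom the original post describes (the server answering with its x.y.11.0 address); it is shown here as an option to test, not as something the thread confirms.

```text
! Constructed example: DNS server at x.y.11.10 on inside, published to the DMZ as x.y.0.10
! Security levels assumed: inside (100) higher than dmz (50)
static (inside,dmz) x.y.0.10 x.y.11.10 netmask 255.255.255.255 dns

! Permit DNS from the DMZ/MPLS side to the translated address
access-list dmz_in extended permit udp x.y.0.0 255.255.255.0 host x.y.0.10 eq domain
access-list dmz_in extended permit tcp x.y.0.0 255.255.255.0 host x.y.0.10 eq domain
access-group dmz_in in interface dmz

! Verify the translation exists and is being hit
show xlate | include x.y.11.10
show access-list dmz_in
```

Without the `dns` keyword the translation only rewrites the IP header, so a reply whose payload carries x.y.11.10 is still delivered unchanged to a client that has no route to x.y.11.0/24, which matches the behaviour reported in the first post. Checking `show xlate` after a query from the DMZ confirms the static is actually used rather than bypassed by a broader NAT rule.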