From LAN DNS Server I cannot resolve internet-Host. I have DNS Forwarder configured on LAN DNS Server.

On ASA I have tested with INSPECT DNS and without. But no Luck...

Is the ASA Configuration Correct for my requirement.

Your fw inside ip address 192.168.12.121, but dns server is 192.168.100.5.. is this on some other vlan behind some other L3 device? if so, does the firewall has the route for reaching the network 192.168.100.X

Also you may try to to remove the static NAT and do a hide nat with the outside interface. Then try to access internet from the local dns server.

no static (inside,Outside) 57.25.175.92 192.168.100.5

global (Outside) 1 interface

nat (inside) 1 192.168.100.0 255.255.255.0

If it works, then problem here is may be with arp-proxy or interface ACL on your internet router .

Try adding a static arp on your internet router for the public IP you are using for static NAT.

Hi,

Reachability is there.

I didnt understood adding static arp on internet router. What do you mean.

Please explain

That static ARP on the upstream router is to send packets destined to the PUBLIC address towards the firewall's outside interface's MAC address.

Pls. try loading google.com by its IP address in the browser.

ex:

http://64.233.169.104

If this works then, for one host on the inside change the DNS server's ip address to 4.2.2.2 and see if you get name resolution and be able to load the page by the name and not IP address.

Let us know how that goes.

Thank You.

4.2.2.2 didnt help.

Reloading doesnt help as well.

With name or IP it doesnt browse.

Any helpful internet link showing steps required on windows 2003 Server and ASA to recheck the config.

Is the config done on ASA (1st post) correct