12-04-2014 05:47 PM - edited 03-11-2019 10:11 PM
We have a guest wireless network configured that grants internet access only to users. The guest traffic is coming from a port on our 5508 WLC directly to the "guest" interface on our ASA 5510 (security level 50). The clients get DHCP from the WLC and DNS from external (ISP) DNS servers. Everything works great with one exception. We host our company website on the internal network ("inside" interface - security level 100). We need our guests to be able to access this internal web server.
After doing some research, it looks like I can accomplish this with DNS rewrite.
I would greatly appreciate configuration recommendations and command syntax for both the NAT command and ACL entry.
Thank you,
John
12-05-2014 06:58 AM
Hi,
Let me assume these parameters to describe this for you:
Web server (inside): 10.2.2.3
Users: DMZ [172.16.0.0/24]
NATted IP for web server: 2.2.2.2
You simply need to use this NAT statement:
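! Object NAT lists the real interface first (inside, where 10.2.2.3 lives), then the mapped interface (DMZ)
object network DMZ-Inside
 host 10.2.2.3
 nat (inside,DMZ) static 2.2.2.2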
The access list should allow the traffic to the private IP from the DMZ inbound to the inside interface.
Thanks and Regards,
Vibhor Amrodia
12-05-2014 01:45 PM
Well, the short version for configuring DNS rewrite for the webserver is to add the DNS keyword to the end of the existing NAT statement for that webserver.
You will then need to also allow traffic from the wireless clients to the webserver private IP on the ASA guest interface.
--
Please remember to select a correct answer and rate helpful posts
12-05-2014 10:04 PM
Hi,
Also, if you use the "DNS" keyword on the ASA with the static NAT, you need to make sure that the DNS queries actually go through the ASA device, and it will not work if you have an internal DNS server defined on the clients on the same subnet or behind the same interface.
Thanks and Regards,
Vibhor Amrodia
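The DNS rewrite approach from the replies above, put together as an added example that is not part of the original thread or any poster's configuration. It reuses the assumed addresses from the first reply (10.2.2.3, 172.16.0.0/24, 2.2.2.2) and the `guest` and `inside` interface names from the question; the `outside` interface name, the object and ACL names, and the 10.0.0.0/8 internal range are assumptions.

```cisco
! --- Static NAT for the web server with DNS rewrite (ASA 8.3+ object NAT) ---
! The "dns" keyword makes the ASA rewrite the A record in DNS replies that
! pass through it: 2.2.2.2 (mapped) becomes 10.2.2.3 (real) for guest clients.
! WEB-SERVER is a hypothetical object name; "outside" is an assumed nameif.
object network WEB-SERVER
 host 10.2.2.3
 nat (inside,outside) static 2.2.2.2 dns
!
! --- DNS inspection must be active, because the rewrite is done by it ---
! This is part of the default global policy; shown here so it can be checked.
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
!
! --- Guest interface ACL (GUEST_IN is a hypothetical name) ---
! 1. Allow guests to reach only the web server's private IP on HTTP/HTTPS.
access-list GUEST_IN extended permit tcp 172.16.0.0 255.255.255.0 host 10.2.2.3 eq www
access-list GUEST_IN extended permit tcp 172.16.0.0 255.255.255.0 host 10.2.2.3 eq https
! 2. Block everything else toward the internal range (assumed to be 10.0.0.0/8).
access-list GUEST_IN extended deny ip any 10.0.0.0 255.0.0.0
! 3. Keep internet access, including DNS queries to the ISP resolvers.
access-list GUEST_IN extended permit ip 172.16.0.0 255.255.255.0 any
access-group GUEST_IN in interface guest
!
! --- Checks to run from the ASA CLI after applying ---
! show nat detail
! show service-policy inspect dns
! packet-tracer input guest tcp 172.16.0.10 50000 10.2.2.3 80
! packet-tracer input guest tcp 172.16.0.10 50000 10.2.2.3 22
!   (172.16.0.10 is a constructed guest client address; the first trace
!    should end in ALLOW, the second in DROP by the GUEST_IN deny entry)
```

Applying an ACL to the guest interface replaces the implicit permit toward lower-security interfaces, which is why the final permit entry is needed to preserve internet access.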