Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
580
Views
0
Helpful
2
Replies

DNS rewrite

lech_2000
Level 1
Level 1

‎07-03-2009 06:05 AM - edited ‎03-11-2019 08:50 AM

Hi,

I have a 5520 failover pair running 8.0(4). There are physical interfaces connected to inside and outside, two DMZ logical interfaces and a logical interface to a services network.

There is a static translation from outside to a DMZ-I host...

static (DMZ-I,outside) externaladdress dmzaddress dns

The global policy is enabled on all interfaces with DNS inspection. Our DNS servers of parent organisation are located on our services link.

If I query a dns server located on the outside(internet) I get a dns rewrite response with the DMZ-I address.

When I query DNS servers on our services link the response is not rewritten.

Is this expected behaviour as the static is on a different interface to the DNS response?

If so is there a workaround?

Thanks for your help

Labels:
0 Helpful
2 Replies 2

Kureli Sankar
Cisco Employee
Cisco Employee

‎07-03-2009 07:00 AM

Your observation is correct. Works as expected or breaks as expected.

You can use destination nat to get around that.

static (dmz,inside) public-ip dmz-1

This will let the inside host access the dmz1 host using public IP address.

0 Helpful

lech_2000
Level 1
Level 1
In response to Kureli Sankar

‎07-03-2009 07:46 AM

thanks for you reply Kusankar, this is further complicated by our proxy server sharing a DMZ address with some sites.

I created a static between the services net and the dmz which is enabling the dns replies to be translated..

static (DMZ-I,SERVICES) externaladdress internaladdress dns

thanks again for your help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card