I have a DMZ on my ASA 5510 that is working for everything except internal DNS. If I try to ping an internal IP of 192.168.200.10 it responds but if I try to ping that IP by name it won't resolve.
This is the DMZ related part of the config:
static (Inside,DMZ1) 10.10.0.0 10.10.0.0 netmask 255.255.0.0
static (Inside,DMZ1) 192.168.16.0 192.168.16.0 netmask 255.255.248.0
static (Inside,DMZ1) 192.168.100.0 192.168.100.0 netmask 255.255.255.0
static (Inside,DMZ1) 192.168.200.0 192.168.200.0 netmask 255.255.248.0
access-list dmz1 extended permit tcp host 192.168.0.25 host 192.168.200.15 eq 1433
access-list dmz1 extended permit tcp host 192.168.0.25 host 192.168.200.45 eq 1433
access-list dmz1 extended permit tcp host 192.168.0.25 host 192.168.200.61 eq 1433
access-list dmz1 extended permit tcp host 192.168.0.25 host 192.168.200.51 eq 54321
access-list dmz1 extended permit tcp host 192.168.0.25 host 192.168.100.7 eq 1433
access-list dmz1 extended permit tcp host 192.168.0.25 host 192.168.200.3 eq www
access-list dmz1 extended permit icmp any any echo
access-list dmz1 extended permit icmp any any echo-reply
access-list dmz1 extended permit tcp 192.168.0.0 255.255.255.0 host 192.168.200.21 eq domain
access-list dmz1 extended permit udp 192.168.0.0 255.255.255.0 host 192.168.200.21 eq domain
access-list dmz1 extended permit tcp 192.168.0.0 255.255.255.0 host 192.168.200.7 eq domain
access-list dmz1 extended permit udp 192.168.0.0 255.255.255.0 host 192.168.200.7 eq domain
access-list dmz1 extended deny ip 192.168.0.0 255.255.255.0 192.168.16.0 255.255.248.0
access-list dmz1 extended deny ip 192.168.0.0 255.255.255.0 192.168.200.0 255.255.248.0
access-list dmz1 extended deny ip 192.168.0.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list dmz1 extended deny ip 192.168.0.0 255.255.255.0 10.10.0.0 255.255.0.0
access-list dmz1 extended permit ip any any
I believe that I'm allowing DNS through the 'eq domain' statements above but the only way I have had to create a host file on the DMZ server to get it working. Any thoughts?
