Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1373
Views
0
Helpful
7
Replies

Firewall & DNS Records

Go to solution
Ahmad Khalifa
Level 1
Level 1

‎12-26-2013 02:55 AM - edited ‎03-11-2019 08:21 PM

I have this Senario as in attatchemnt

     i have WEB Server into the Inside Network is NAT to Outside

     when a client in the Outside Trying to Use the Resolved IP from the DNS the DNS reply by the IP that on the Inside for the Server itself before NAT

     Any Idea to prevent the ASA5510 to Send the Inside IP tp the Outside DNS???

Labels:
Preview file
79 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP
In response to Ahmad Khalifa

‎12-30-2013 09:03 AM

You have to correct that on the DNS-server. There the public IP should be configured.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Mariusz Bochen
Level 1
Level 1

‎12-27-2013 03:46 AM

Hi Ahmad,

If you have static NAT translating outside IP to the inside one ASA will not send inside IP to the outside DNS.

But this is not very clear and I am not sure if I properly understood your post, so can you include your NAT config please?

Regards

Mariusz

0 Helpful

Go to solution
Ahmad Khalifa
Level 1
Level 1
In response to Mariusz Bochen

‎12-27-2013 04:43 AM

Hello

     thank you for your Concern

     when i run NSLOOKUP from the Client on the OutSide with the name of the WEB Server its Reply by the Internal IP Before NAT (LOCAL IP)

its Happen With me in 2 Different Sites

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP

‎12-27-2013 04:34 AM

There is no communication between the ASA and the DNS-server. So the ASA doesn't send anthing to the DNS.

Regarding to your diagram, the DNS-server has a mapping to the internal address. A public DNS should always be configured with the public IP which would be 192.168.100.200 in your case. With that, the outside client would resolve the name to the right IP.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful

Go to solution
Ahmad Khalifa
Level 1
Level 1
In response to Karsten Iwen

‎12-30-2013 08:54 AM

but its happen when you run cmd "nslookup" its reply by intenal IP noth the Global IP any idea

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to Ahmad Khalifa

‎12-30-2013 09:03 AM

You have to correct that on the DNS-server. There the public IP should be configured.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful

Go to solution
Ahmad Khalifa
Level 1
Level 1
In response to Karsten Iwen

‎12-30-2013 09:33 AM

this is what i use to do each time

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to Ahmad Khalifa

‎12-30-2013 10:13 AM

What do you mean with "each time"? Is your change not permanent? What kind of DNS-server is it?

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card