Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
682
Views
0
Helpful
3
Replies

Firewall DNS

wasiimcisco
Level 1
Level 1

‎01-28-2013 03:40 AM - edited ‎03-11-2019 05:53 PM

  Hi,

I have Wireless Client (172.31.250.x) in corpx segment (Secuirty 91) which are trying to access the webmail which is published over the internet. Email Server is

located inside segment (security 100) on IP address (192.168.251.137). Clients are able to browse Internet fine but emails and Internal Applications are not working

because Public DNS is resolving the PUbic IP addresses of these applications.

I want my Wireless Client to access these Internal IP addresses and want to configure the firewall for this DNS issue.


Current configuration for the email Server is this

access-list acl-out extended permit tcp any host xx.210.84.37 eq https


static (inside,outside) xx.210.84.37 192.168.251.137 netmask 255.255.255.255

static (inside,corpx) xx.210.84.37 192.168.251.137 netmask 255.255.255.255

nat (inside) 1 0.0.0.0 0.0.0.0

nat (corpx) 1 0.0.0.0 0.0.0.0

global (corpx) 1 interface

global (inside) 1 interface

There is no access-list on the corpx interface.

Kindly assist what I am missing. I want the email server to be available for the wireless cients as well as Internet and users over the Internet.

Labels:
0 Helpful
3 Replies 3

Karsten Iwen
VIP
VIP

‎01-28-2013 04:18 AM

You need DNS-doctoring:

static (inside,outside) xx.210.84.37 192.168.251.137 netmask 255.255.255.255 dns

What's that rule for:

static (inside,corpx) xx.210.84.37 192.168.251.137 netmask 255.255.255.255

Do you really need that?

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful

wasiimcisco
Level 1
Level 1
In response to Karsten Iwen

‎01-28-2013 07:36 PM

Hi,

I tried the above command but no luck.

static (inside,outside) xx.210.84.37 192.168.251.137 netmask 255.255.255.255 dns

I have even removed the below mention commnad though the below command was DNS docotoring so that once the request hit on corpx interface it will redirect to inside interface towards the private IP address of exchange.

But both the options are not working.

Kindly assist.

0 Helpful

Karsten Iwen
VIP
VIP
In response to wasiimcisco

‎01-28-2013 10:45 PM

did you clear the DNS caches on your PC?


Sent from Cisco Technical Support iPad App

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card