10-18-2018 10:27 PM - edited 02-21-2020 08:22 AM
Hi Cisco
I have the following model: Local network (NET10, NET20) <=> Cisco 3850 (200) => ASA5525-x => WAN internet
VLAN 10 192.168.10.0/24
VLAN 20 192.168.20.0/24
VLAN 200 connection between Coresw and ASA 5525-x
Configured on the 3850 core switch:
interface VLAN 10 IP: 192.168.10.1
interface VLAN 10 IP: 192.168.20.1
VLAN 200 IP Interface: 200.200.200.1
VLAN 200 connects the Cisco 3850 and the 5525-x asa
Complete VLAN 10, 20 routing through VLAN 200
At the core switch:
route 0 0 200.200.200.2
At the ASA 5525-x, create routes for the 2 VLANs:
route inside200 192.168.10.0 255.255.255.0 200.200.200.1
route inside200 192.168.20.0 255.255.255.0 200.200.200.1
route wan 0.0.0.0 1.1.1.1
I have a web server at 192.168.10.200 with the domain abc.com and WAN IP 1.1.1.1.
I have configured NAT for the web server OK, port 80 on the WAN interface IP: 1.1.1.1
Outside the internet did not. However, local LAN (VLAN 10, 20) is not accessible to the web.
My question is as follows:
I want to access web server from local LAN using IP WAN.
Now I am using local DNS and have created a DNS A record => local IP 192.168.10.200.
Thanks
11-04-2018 05:35 AM
11-04-2018 06:40 AM
Split DNS (which is what it sounds like you are doing) is the way to do it. You can’t access the outside interface of the ASA from the inside like you are describing. You could consider changing your design by implementing multi-context and probably do what you are wanting to do then. I don’t think it’s worth it though.
11-04-2018 07:04 AM - edited 11-04-2018 07:06 AM
Hi gbekmezi-DD
Thanks,
I have found documentation that talks about this issue; it is mainly about DNS packets.
Cisco offers the concept of DNS doctoring.
Cisco DNS doctoring is a process that intercepts a DNS response packet as it comes back into the network, and changes the IP address in the response.
I will try to configure DNS doctoring.
Thanks