
how to access internal mail when on guest network

Mike Buyarski
Level 3

So we recently installed an ASA in place of a router. However, now our smartphone users can't get their email on their phones when they are on the guest network (phones are only allowed on the guest network). I expect this is because the guest network uses external DNS servers, so the address of our mail server resolves to the external IP. But that creates the problem, since it is going out the same device that it needs to come into. This was not a problem on the router since it just redirected it to the internal address. There must be a way to get this to work through the ASA as well?

Accepted Solutions

You need to do a DNS rewrite. You need to add the dns keyword to the end of your NAT statement.

object network MAILSERVER
 host 10.10.10.10
 nat (inside,outside) static 1.2.3.4 dns

--

Please remember to select a correct answer and rate helpful posts


7 Replies

And that will redirect anything trying to hit the external IP from the inside to the inside IP?

What it does is check the NAT table and if it finds an entry for the public IP that is returned in the DNS request, it will re-write the public IP to the private IP and send the request to the requesting PC.

Keep in mind that you will need to allow traffic in the ACL to the private IP of the mail server.


OK I will try that, and yes I do have the mail server allowed in the ACL for the guest network. Like I said it was working before the ASA was in.

It is because the users are receiving the public IP of the server. Add the DNS keyword to the end of your NAT statement on the ASA, then it should start working again.


FYI I will have to do that change in off hours so I will let you know tomorrow!

Mike Buyarski
Level 3

Worked great, thanks!
