08-12-2007 11:29 PM - edited 02-21-2020 01:38 AM
Hi All,
We recently replaced our NAT Router (3660) with a resilient pair of ASA5520s. All is working well, except that when someone from the 'outside' does a lookup against an 'inside' DNS server, the TTL on the response is not getting re-written as it should.
What this means is that someone looks up a device and gets a valid DNS lookup with a TTL of, say, 24 hours. They use the connection, then go out for lunch or something and come back. When they try to connect to the device again, the DNS lookup has not expired, but the NAT translation on the ASA has, so they are unable to connect.
This worked perfectly on the 3660 (it reset the TTL on all DNS responses to 0 by default!). However, we are unable to find out how to do this on the ASAs.
Please can anyone help? This is really badly affecting people connecting into our Organisation, and if we can't find the resolution soon we will have to rip out the ASAs.
Many Thanks in Advance.
08-17-2007 06:16 AM
Pinging to test questionable operation of a network device? A ping may be initiated from an adaptive security appliance interface to a network device that is suspected to be functioning incorrectly. If the interface is configured correctly and an echo is not received, there may be problems with the device.
08-17-2007 06:44 AM
I think you've mis-posted! :)