Traffic sourced by ASA Interface IP cannot reach SMTP Server over VPN

Webwalker
Beginner

Hello everybody,

I have a question regarding the ASA and SMTP connection over VPN to my mail gateway.

It's a branch office ASA which is connected over VPN to the hub. All traffic goes over that VPN tunnel, and for the clients behind the ASA everything is fine. They can reach and ping the SMTP gateway with no problems.

When I was setting up the call-home feature to send me a config snapshot every day, I found out that the internal IP address of the ASA (which is the source of the SMTP traffic for the call-home feature) is not routed through the VPN tunnel.

A trace shows it is routed directly through the internet instead of being routed through the VPN.

Please, can someone help me find a solution for this?

Thanks


balaji.bandi
VIP Community Legend

Can you post the configuration so we can have a look at what rules you have?

 

BB



interface GigabitEthernet0/0
 nameif FE01_WIFI
 security-level 50
 ip address 192.168.0.1 255.255.255.0
!
interface GigabitEthernet0/1
 shutdown
 nameif FE02_WAN
 security-level 0
 ip address 172.20.255.161 255.255.255.252
!
interface GigabitEthernet0/2
 nameif FE03_DATAA
 security-level 100
 ip address 172.21.48.254 255.255.255.0
!
interface GigabitEthernet0/3
 description ### PORT-CHANNEL 2 #1 ###
 channel-group 1 mode passive
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/4
 description ### PORT-CHANNEL 2 #2 ###
 channel-group 1 mode passive
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/5
 nameif WAN
 security-level 0
 ip address 172.22.58.11.94 255.255.255.248
!
interface Management0/0
 management-only
 shutdown
 nameif management
 security-level 100
 ip address 192.168.15.1 255.255.255.0
!
interface Port-channel1
 lacp max-bundle 8
 no nameif
 no security-level
 no ip address
!
interface Port-channel1.311
 vlan 311
 nameif FE03_DATA
 security-level 100
 ip address 10.143.48.254 255.255.255.0
!
interface Port-channel1.314
 description WIFI
 vlan 314
 nameif WIFI
 security-level 30
 ip address 192.168.3.254 255.255.255.0
!
boot system disk0:/asa944-27-smp-k8.bin
boot system disk0:/asa944-16-smp-k8.bin
ftp mode passive
same-security-traffic permit intra-interface
object network RUEKA01-NET-DATA-ALL
 subnet 10.143.48.0 255.255.255.0
object network RUMOW01-NET-DATA-ALL
 subnet 10.143.168.0 255.255.252.0
object network A_
object network RUEKA01-NET-WIFI-GUEST
 subnet 192.168.0.0 255.255.255.0
object network RULED01-NET-DATA-ALL
 subnet 10.143.46.0 255.255.255.0
object network RURND01-NET-DATA-ALL
 subnet 10.143.50.0 255.255.254.0
object network UAIEV01-NET-DATA-ALL
 subnet 10.143.176.0 255.255.252.0
object network UALVI01-NET-DATA-ALL
 subnet 10.143.188.0 255.255.252.0
object network UAKIV01-NET-DATA-ALL
 subnet 10.143.184.0 255.255.252.0
object network MyIP
 host 10.143.48.254
object network DATAC-MNG04
 host 10.163.8.53
object network RUMOS01-NET-DMZ
 subnet 192.168.90.0 255.255.255.0
object network RUMOS01-NET-VPN-SSL
 subnet 10.143.55.0 255.255.255.0
object network DATAC-MNG05
 host 10.163.8.54
object network RUEKA01-NET-FAKE
 subnet 192.168.12.0 255.255.255.0
object network RUEKA01-NET-RANGE_ALL_COMP1
 subnet 10.0.0.0 255.0.0.0
object network RUEKA01-NET-RANGE_ALL_COMP2
 subnet 10.2490.0 255.255.0.0
object network RUMOW01-NET-VM
 subnet 172.168.10.0 255.255.255.0
 description VMware management network
object network ProArc
 subnet 10.136.173.0 255.255.255.0
object network GBNLW
 subnet 10.164.232.0 255.255.255.0
object network UALVI01-NET-DATA-VPN
 subnet 10.143.180.0 255.255.255.0
object network RUEKA01-NET-WIFI
 subnet 192.168.3.0 255.255.255.0
object-group service DM_INLINE_TCP_1 tcp
 port-object eq ssh
 port-object eq telnet
object-group service COMP1_allowed_udp udp
 port-object eq domain
object-group network RUEKA01-GR-NET-VPN-RUMOS01
 network-object object RUEKA01-NET-DATA-ALL
object-group network NLTC401-GR-NET-VPN-RUMOS01
 network-object 10.100.0.0 255.255.0.0
 network-object 10.101.0.0 255.255.0.0
 network-object 10.104.0.0 255.255.0.0
 network-object 10.130.0.0 255.255.0.0
 network-object 10.160.0.0 255.255.0.0
 network-object 10.143.0.0 255.255.252.0
 network-object 10.143.100.0 255.255.252.0
 network-object 10.143.104.0 255.255.252.0
 network-object 10.143.108.0 255.255.252.0
 network-object 10.143.112.0 255.255.252.0
 network-object 10.143.116.0 255.255.252.0
 network-object 10.143.12.0 255.255.252.0
 network-object 10.143.120.0 255.255.252.0
 network-object 10.143.124.0 255.255.252.0
 network-object 10.143.128.0 255.255.252.0
 network-object 10.143.132.0 255.255.252.0
 network-object 10.143.136.0 255.255.252.0
 network-object 10.143.140.0 255.255.252.0
 network-object 10.143.144.0 255.255.252.0
 network-object 10.143.148.0 255.255.252.0
 network-object 10.143.152.0 255.255.252.0
 network-object 10.143.156.0 255.255.252.0
 network-object 10.143.16.0 255.255.252.0
 network-object 10.143.160.0 255.255.252.0
 network-object 10.143.164.0 255.255.252.0
 network-object 10.143.172.0 255.255.252.0
 network-object 10.143.196.0 255.255.252.0
 network-object 10.143.20.0 255.255.252.0
 network-object 10.143.200.0 255.255.252.0
 network-object 10.143.204.0 255.255.252.0
 network-object 10.143.208.0 255.255.252.0
 network-object 10.143.212.0 255.255.252.0
 network-object 10.143.216.0 255.255.252.0
 network-object 10.143.220.0 255.255.252.0
 network-object 10.143.224.0 255.255.252.0
 network-object 10.143.228.0 255.255.252.0
 network-object 10.143.232.0 255.255.252.0
 network-object 10.143.236.0 255.255.252.0
 network-object 10.143.24.0 255.255.252.0
 network-object 10.143.240.0 255.255.252.0
 network-object 10.143.244.0 255.255.252.0
 network-object 10.143.248.0 255.255.252.0
 network-object 10.143.252.0 255.255.252.0
 network-object 10.143.28.0 255.255.252.0
 network-object 10.143.32.0 255.255.252.0
 network-object 10.143.36.0 255.255.252.0
 network-object 10.143.4.0 255.255.252.0
 network-object 10.143.40.0 255.255.252.0
 network-object 10.143.56.0 255.255.252.0
 network-object 10.143.60.0 255.255.252.0
 network-object 10.143.64.0 255.255.252.0
 network-object 10.143.68.0 255.255.252.0
 network-object 10.143.72.0 255.255.252.0
 network-object 10.143.76.0 255.255.252.0
 network-object 10.143.8.0 255.255.252.0
 network-object 10.143.80.0 255.255.252.0
 network-object 10.143.84.0 255.255.252.0
 network-object 10.143.88.0 255.255.252.0
 network-object 10.143.92.0 255.255.252.0
 network-object 10.143.96.0 255.255.252.0
 network-object 10.162.0.0 255.255.0.0
 network-object 10.163.0.0 255.255.0.0
 network-object 10.181.0.0 255.255.0.0
 network-object 10.244.0.0 255.255.0.0
 network-object 10.249.0.0 255.255.0.0
 network-object 10.250.0.0 255.255.0.0
 network-object 10.252.0.0 255.255.0.0
 network-object 10.254.0.0 255.255.0.0
 network-object 10.255.0.0 255.255.0.0
 network-object 10.82.0.0 255.255.0.0
 network-object 10.83.0.0 255.255.0.0
 network-object object RUEKA01-NET-RANGE_ALL_COMP2
 network-object object GBNLW
 network-object object ProArc
object-group network RUMOS01-GR-NET-VPN-RUEKA01
 network-object object RUMOW01-NET-DATA-ALL
 network-object object RUMOS01-NET-VPN-SSL
 group-object NLTC401-GR-NET-VPN-RUMOS01
 network-object object RUMOS01-NET-DMZ
 network-object object RULED01-NET-DATA-ALL
 network-object object UALVI01-NET-DATA-ALL
 network-object object UAIEV01-NET-DATA-ALL
 network-object object RUMOW01-NET-VM
 network-object object RURND01-NET-DATA-ALL
 network-object object UALVI01-NET-DATA-VPN
 network-object 10.28.0.0 255.255.224.0
object-group service asdm tcp
 description Cisco ASDM Port
 port-object eq 4434
object-group service techexpert tcp
 description Pro-Info Techexpert
 port-object eq 801
 port-object eq 803
object-group service DM_INLINE_TCP_2 tcp
 group-object asdm
 port-object eq ftp
 port-object eq www
 port-object eq https
 port-object eq domain
 group-object techexpert
 port-object eq 10020
object-group service DM_INLINE_UDP_1 udp
 port-object eq domain
 port-object eq ntp
object-group network DM_INLINE_NETWORK_1
 network-object object RUEKA01-NET-RANGE_ALL_COMP1
 network-object object RUEKA01-NET-RANGE_ALL_COMP2
object-group network DM_INLINE_NETWORK_2
 network-object object RUEKA01-NET-RANGE_ALL_COMP1
 network-object object RUEKA01-NET-RANGE_ALL_COMP2
object-group network RFC1918
 network-object 192.168.0.0 255.255.0.0
 network-object 172.16.0.0 255.240.0.0
 network-object 10.0.0.0 255.0.0.0
access-list external_1_cryptomap extended permit ip object-group RUEKA01-GR-NET-VPN-RUMOS01 object-group RUMOS01-GR-NET-VPN-RUEKA01
access-list external_access_in extended permit ip object-group RUMOS01-GR-NET-VPN-RUEKA01 object-group RUEKA01-GR-NET-VPN-RUMOS01
access-list external_access_in extended permit ip object UAIEV01-NET-DATA-ALL object RUEKA01-NET-DATA-ALL
access-list external_access_in extended deny ip any any log critical
access-list internal_access_in extended permit ip object-group RUEKA01-GR-NET-VPN-RUMOS01 object-group RUMOS01-GR-NET-VPN-RUEKA01 log disable
access-list internal_access_in extended permit ip object RUEKA01-NET-DATA-ALL object UAIEV01-NET-DATA-ALL
access-list internal_access_in extended permit tcp object RUEKA01-NET-DATA-ALL any object-group DM_INLINE_TCP_2
access-list internal_access_in extended permit udp object RUEKA01-NET-DATA-ALL any object-group DM_INLINE_UDP_1
access-list internal_access_in extended permit tcp object RUEKA01-NET-DATA-ALL host 172.168.10.18 eq 9443
access-list internal_access_in extended deny ip any any log critical
access-list COMP1-QOS-VOIP-ACL extended permit ip any host 10.163.8.116
access-list WIFI_in extended deny ip 192.168.0.0 255.255.255.0 object-group RFC1918
access-list WIFI_in extended permit ip 192.168.0.0 255.255.255.0 any
access-list WIFI_in extended deny ip 192.168.3.0 255.255.255.0 object-group RFC1918
access-list WIFI_in extended permit ip 192.168.3.0 255.255.255.0 any
pager lines 40
logging enable
logging buffer-size 1048576
logging trap errors
logging asdm errors
mtu FE01_WIFI 1500
mtu FE02_WAN 1500
mtu FE03_DATAA 1500
mtu WAN 1500
mtu management 1500
mtu FE03_DATA 1500
mtu WIFI 1500
no failover
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
icmp permit any FE02_WAN
icmp permit any WAN
asdm image disk0:/asdm-7101.bin
asdm location 172.24.0.18 255.255.255.255 FE02_WAN
asdm location 172.24.0.20 255.255.255.255 FE02_WAN
asdm location 172.24.0.21 255.255.255.255 FE02_WAN
asdm location 172.24.0.18 255.255.255.255 WAN
asdm location 172.24.0.0 255.255.240.0 WAN
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (any,any) source static DM_INLINE_NETWORK_1 DM_INLINE_NETWORK_1 destination static DM_INLINE_NETWORK_2 DM_INLINE_NETWORK_2 no-proxy-arp
nat (FE03_DATA,FE02_WAN) source static RUEKA01-GR-NET-VPN-RUMOS01 RUEKA01-GR-NET-VPN-RUMOS01 destination static RUMOS01-GR-NET-VPN-RUEKA01 RUMOS01-GR-NET-VPN-RUEKA01 no-proxy-arp
nat (FE03_DATA,FE02_WAN) source dynamic RUEKA01-NET-DATA-ALL interface
nat (FE01_WIFI,FE02_WAN) source dynamic RUEKA01-NET-WIFI-GUEST interface
nat (FE03_DATA,WAN) source static RUEKA01-GR-NET-VPN-RUMOS01 RUEKA01-GR-NET-VPN-RUMOS01 destination static RUMOS01-GR-NET-VPN-RUEKA01 RUMOS01-GR-NET-VPN-RUEKA01 no-proxy-arp
nat (FE03_DATA,WAN) source dynamic RUEKA01-NET-DATA-ALL interface
nat (FE01_WIFI,WAN) source dynamic RUEKA01-NET-WIFI-GUEST interface
!
object network RUEKA01-NET-DATA-ALL
 nat (FE03_DATA,FE02_WAN) dynamic 192.168.11.94
object network RUEKA01-NET-WIFI
 nat (WIFI,WAN) dynamic 192.168.11.93
access-group WIFI_in in interface FE01_WIFI
access-group external_access_in in interface FE02_WAN
access-group external_access_in in interface WAN
access-group internal_access_in in interface FE03_DATA
access-group WIFI_in in interface WIFI
route FE02_WAN 0.0.0.0 0.0.0.0 10.82.255.162 1
route WAN 0.0.0.0 0.0.0.0 192.168.11.89 200
route WAN 172.24.0.1 255.255.255.255 192.168.11.89 1
route WAN 172.24.0.20 255.255.255.255 192.168.11.89 200
route WAN 172.24.1.20 255.255.255.255 192.168.11.89 200
route WAN 172.24.1.21 255.255.255.255 192.168.11.89 200
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
aaa authorization command LOCAL
aaa authorization exec LOCAL
aaa authorization http console LOCAL
http server enable 4434
http 192.168.1.0 255.255.255.0 management
http 10.143.0.0 255.255.0.0 FE03_DATA
http 10.163.8.53 255.255.255.255 FE03_DATA
http 10.163.8.54 255.255.255.255 FE03_DATA
http 172.24.0.18 255.255.255.255 FE02_WAN
http 10.249.58.0 255.255.255.0 FE03_DATA
http 10.249.63.128 255.255.255.128 FE03_DATA
http 172.24.0.18 255.255.255.255 WAN
http 172.24.0.0 255.255.240.0 WAN
http redirect FE02_WAN 80
snmp-server host FE02_WAN 172.24.0.18 community COMP1o
snmp-server host FE03_DATA 10.163.8.53 community COMP1.snmp
snmp-server location 31
snmp-server contact Admin
no sysopt connection permit-vpn
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
 protocol esp encryption aes-192
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
 protocol esp encryption aes
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
 protocol esp encryption 3des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
 protocol esp encryption des
 protocol esp integrity sha-1 md5
crypto ipsec security-association lifetime seconds 43200
crypto ipsec security-association lifetime kilobytes 10485760
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA
crypto map external_map 1 match address external_1_cryptomap
crypto map external_map 1 set pfs
crypto map external_map 1 set peer 172.22.18.94
crypto map external_map 1 set ikev1 transform-set ESP-AES-128-SHA
crypto map external_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map external_map interface FE02_WAN
crypto map external_map interface WAN

crypto ca trustpool policy
crypto isakmp disconnect-notify
crypto ikev2 policy 1
 encryption aes-256
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 10
 encryption aes-192
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 20
 encryption aes
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 30
 encryption 3des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 40
 encryption des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev1 enable FE02_WAN
crypto ikev1 enable WAN
crypto ikev1 policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 5
 lifetime 43200
crypto ikev1 policy 30
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 65535
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh stricthostkeycheck
ssh 172.24.0.18 255.255.255.255 FE02_WAN
ssh 172.24.0.18 255.255.255.255 WAN
ssh 172.24.0.20 255.255.255.255 WAN
ssh 192.168.1.0 255.255.255.0 management
ssh 10.143.0.0 255.255.0.0 FE03_DATA
ssh 10.24958.0 255.255.255.0 FE03_DATA
ssh 10.24963.128 255.255.255.128 FE03_DATA
ssh timeout 60
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access FE03_DATA
dhcpd address 192.168.15.50-192.168.15.250 management
dhcpd enable management
!
dhcpd address 10.143.48.100-10.143.48.194 FE03_DATA
dhcpd dns 10.143.168.51 10.143.50.7 interface FE03_DATA
dhcpd lease 691200 interface FE03_DATA
dhcpd option 3 ip 10.143.48.254 interface FE03_DATA
dhcpd option 4 ip 10.143.168.51 10.143.48.22 interface FE03_DATA
dhcpd option 15 ascii corp1.ad-is.net interface FE03_DATA
dhcpd option 42 ip 10.143.168.51 10.143.48.22 interface FE03_DATA
dhcpd enable FE03_DATA
!
priority-queue FE02_WAN
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 10.143.168.51 source FE03_DATA prefer
ssl cipher default custom "AES128-SHA"
ssl cipher tlsv1 custom "AES128-SHA"
ssl cipher dtlsv1 custom "AES128-SHA"
webvpn
 tunnel-group-list enable
 onscreen-keyboard logon
 cache
  disable
 no error-recovery disable
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
dynamic-access-policy-record DfltAccessPolicy


class-map COMP1-VOICE-CLASS
 match access-list COMP1-QOS-VOIP-ACL
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map COMP1-QOS-PM
 class COMP1-VOICE-CLASS
  priority
 class class-default
  police output 81920000
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect ip-options
  inspect netbios
  inspect tftp
!
service-policy global_policy global
service-policy COMP1-QOS-PM interface FE02_WAN

prompt hostname context
service call-home
no call-home reporting anonymous
call-home
 alert-group-config snapshot
  add-command "show version"
  add-command "show running-config"
  add-command "show inventory"
  add-command "show cpu detailed"
  add-command "show interface detail"
  add-command "show traffic"
  add-command "show connection count"
  add-command "show vpn-sessiondb"
  add-command "show environment"
 contact-email-addr ASA-FWL01@COMP2.com
 mail-server 10.249.148.33 priority 1
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly 2
  subscribe-to-alert-group configuration periodic monthly 2
  subscribe-to-alert-group telemetry periodic daily
 profile Config-Backup-1
  destination address email network@COMP2.com
  destination message-size-limit 4000000
  destination transport-method email
  subscribe-to-alert-group snapshot periodic daily 07:00
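
Whether call-home traffic from the ASA enters the tunnel depends on whether its source address matches the crypto ACL `external_1_cryptomap` in the configuration above. The following Python check is an added example, not part of the original thread or any Cisco tooling: it parses a constructed excerpt of the posted object-groups and tests candidate source addresses against the mail server 10.249.148.33. The function names are hypothetical.

```python
import ipaddress

# Constructed excerpt of the posted configuration (only the entries needed).
CONFIG = """\
object network RUEKA01-NET-DATA-ALL
 subnet 10.143.48.0 255.255.255.0
object-group network RUEKA01-GR-NET-VPN-RUMOS01
 network-object object RUEKA01-NET-DATA-ALL
object-group network NLTC401-GR-NET-VPN-RUMOS01
 network-object 10.249.0.0 255.255.0.0
object-group network RUMOS01-GR-NET-VPN-RUEKA01
 group-object NLTC401-GR-NET-VPN-RUMOS01
access-list external_1_cryptomap extended permit ip object-group RUEKA01-GR-NET-VPN-RUMOS01 object-group RUMOS01-GR-NET-VPN-RUEKA01
"""
MAIL_SERVER = "10.249.148.33"  # call-home mail-server in the posted config
# Candidate sources from the posted config (WAN's address is garbled there).
SOURCES = {"client in FE03_DATA DHCP pool": "10.143.48.100",
           "ASA FE03_DATA interface": "10.143.48.254",
           "ASA FE02_WAN interface": "172.20.255.161"}

def parse(config):
    """Return ({name: [network or referenced name]}, [(acl, src_grp, dst_grp)])."""
    defs, acl, cur = {}, [], None
    for line in config.splitlines():
        tok = line.split()
        if not tok:
            continue
        if not line.startswith(" "):  # top-level command starts a new block
            cur = None
            if tok[:2] in (["object", "network"], ["object-group", "network"]):
                cur = tok[2]
                defs[cur] = []
            elif tok[0] == "access-list" and tok[3:6] == ["permit", "ip", "object-group"]:
                acl.append((tok[1], tok[6], tok[8]))
        elif cur and tok[0] == "group-object":
            defs[cur].append(tok[1])  # nested group, resolved in expand()
        elif cur and tok[:2] == ["network-object", "object"]:
            defs[cur].append(tok[2])  # reference to a network object
        elif cur and tok[0] in ("subnet", "network-object", "host"):
            addr = tok[-1] if "host" in tok[:2] else f"{tok[1]}/{tok[2]}"
            defs[cur].append(ipaddress.ip_network(addr))
    return defs, acl

def expand(name, defs, seen=()):
    """Flatten an object or (possibly nested) object-group into networks."""
    if name in seen:
        raise ValueError(f"object-group loop at {name}")
    nets = []
    for item in defs[name]:
        nets += expand(item, defs, seen + (name,)) if isinstance(item, str) else [item]
    return nets

def in_tunnel(src, dst, defs, acl, acl_name="external_1_cryptomap"):
    """True if src -> dst matches a permit entry of the crypto ACL."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(name == acl_name
               and any(s in n for n in expand(sg, defs))
               and any(d in n for n in expand(dg, defs))
               for name, sg, dg in acl)

DEFS, ACL = parse(CONFIG)
if __name__ == "__main__":
    for label, ip in SOURCES.items():
        print(f"{label:32} {ip:16} matches crypto ACL: {in_tunnel(ip, MAIL_SERVER, DEFS, ACL)}")
```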

Hi,

Try adding the commands below, pointing to your local DNS and the interface it needs to be learned on.

dns domain-lookup Inside
dns server-group DefaultDNS
 name-server XX.XX.XX.XX
 name-server XX.XX.XX.XX
 domain-name COMP2.com

 

HTH

Abheesh
