Two Domains DNS

jwright
Level 1

Hi, hope someone can help

I have an ASA 5510 with 2 domains connected to separate internal interfaces, both NAT'ed to public IPs, and one external interface with a public IP. Everything is working great apart from when one domain sends an email to the other.

Internal users on each domain resolve the other domain name to its public IP. I have set up DNS rewrite but this has not solved the problem; all external users can access both domains.

Thanks

Jim

6 Replies

pccw258103
Level 1

Hi, where are the DNS servers placed?

On the internal interfaces or the outside interface?

Hi,

Outside interface DNS servers.

thanks

Hi, here is our sample network configuration that works fine.

(Outside) Public network IP 202.20.1.0/24

(Inside) Private 192.168.100.0/24

*** Public IP 202.20.1.10 www nat map to private IP 192.168.100.10 www

access-list OUTSIDE extended permit tcp any host 202.20.1.10 eq www
!--- Simple access-list that permits HTTP access to the mapped
!--- address of the WWW server.

global (outside) 1 interface
nat (inside) 1 192.168.100.0 255.255.255.0
static (inside,outside) 202.20.1.10 192.168.100.10 netmask 255.255.255.255 dns
!--- PAT and static NAT configuration. The DNS keyword instructs
!--- the security appliance to rewrite DNS records related to this entry.

access-group OUTSIDE in interface outside
!--- The Access Control List (ACL) that permits HTTP access
!--- to the WWW server is applied to the outside interface.

policy-map type inspect dns MY_DNS_INSPECT_MAP
 parameters
  message-length maximum 512
!--- DNS inspection map.

policy-map global_policy
 class inspection_default
  inspect dns MY_DNS_INSPECT_MAP
!--- DNS inspection is enabled using the configured map.

sample network diag

Thanks for the example config and diagram. I have attached a layout of what I am trying to achieve. If company 1 sends an email to company 2, or browses a web page hosted by the other company, it fails. I want the 2 companies to be separate although they are both using the same ASA.

Thanks

Jim
