Beginner

How to configure a Cisco ASA5505 network with split DNS or conditional DNS forwarding

Hello everyone!

We have several branch offices that only have a Cisco ASA 5505 connecting clients to the Internet, our main office and other networks. Some of the branch offices use Site-to-Site VPN to connect to our main office; others use a VPN service delivered by our ISP.

The networking is working fine, but we are having problems figuring out how to handle DNS lookups. I see that the ASA DNS client can use conditional DNS forwarding, but it cannot act as a DNS server for our clients on the inside network.

We want to do the following:

- Default DNS queries should use the DNS servers for the site's local ISP (some sites also use dual ISP, so we are using DNS1 and DNS2)

- The domain name: company.local should use our main office DNS server (accessed by Site-to-Site VPN or our ISP's VPN)

- The domain name: sitea.company.local should use our SiteA DNS server (accessed by Site-to-Site VPN or our ISP's VPN)

etc...

We have solved the issue by using Windows DNS server's conditional forwarding for the branch offices that have a local Windows 2008 domain controller.

So my question is: how do we solve this issue at our branch offices that only have a Cisco ASA 5505 Security Appliance?

3 REPLIES
Beginner

Did you find a solution to this scenario?

Beginner

Sorry, I didn't find any other solution for this scenario than to set our internal DNS servers as primary and our ISP's DNS servers as secondary.

It works, but I'm not happy with it.

So if you can figure out a better solution, please keep me updated.

Rising star

Hi folks,

Cisco ASA can do DNS 'doctoring' and DNS inspection, but for that it expects already-formed DNS queries; as you mentioned, it is not capable of doing any DNS-server logic.

So in the end you'd need separate DNS-server functionality.

Regards,

Ivan.
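
The forwarding rules requested in the original question, written out as the selection logic a separate forwarding DNS server would apply (an added example, not code from any poster in this thread and not an ASA feature). The IP addresses are constructed placeholders from documentation ranges, and the function and variable names are hypothetical; the match is on whole labels with the longest suffix winning, so names under company.local are only ever sent to the internal servers.

```python
# Conditional-forwarding selection: the most specific matching domain decides
# which upstream servers receive the query. All addresses below are constructed
# placeholders (documentation ranges), not values from the thread.

FORWARD_RULES = {
    "company.local": ["192.0.2.10"],        # main office DNS (assumed address)
    "sitea.company.local": ["192.0.2.20"],  # SiteA DNS (assumed address)
}
DEFAULT_UPSTREAMS = ["198.51.100.1", "198.51.100.2"]  # ISP DNS1 / DNS2 (assumed)


def normalize(name):
    """DNS names are case-insensitive; a trailing dot marks the root."""
    return name.rstrip(".").lower()


def select_upstreams(qname, rules=FORWARD_RULES, default=DEFAULT_UPSTREAMS):
    """Return (matched_zone, upstream_servers) for a query name.

    Matching is done on whole labels, so 'notcompany.local' does not match the
    'company.local' rule, and the longest suffix is tried first, so
    'host.sitea.company.local' goes to SiteA rather than the main office.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in rules:
            return candidate, rules[candidate]
    # No rule matched: use the site's local ISP resolvers.
    return ".", default


if __name__ == "__main__":
    for q in ("host1.sitea.company.local", "DC01.Company.Local.",
              "www.example.com", "notcompany.local"):
        zone, servers = select_upstreams(q)
        print(f"{q:30} -> zone {zone:22} via {', '.join(servers)}")
```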
