08-31-2011 05:47 AM - edited 03-04-2019 01:27 PM
Hello!
I have two hosts behind an ASA on a private network. Both hosts are NAT'ed (each has a unique public IP). I need Host A to be able to talk to Host B through their respective external IPs. How do I achieve this?
Thank you!
08-31-2011 06:12 AM
Are you talking about DNS resolution of the outside NAT IP address?
08-31-2011 06:27 AM
Correct. There's an application running on Host A that does a lookup for Host B and it uses the external IP for Host B. They can of course communicate with one another on the private interface but I also need them to be able to communicate with one another across the public interface.
08-31-2011 06:33 AM
OK - DNS Doctoring or DNS rewrite as it's known. See the below url
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/inspect_basic.html#wp1350877
HTH
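A sketch of the DNS rewrite configuration the linked ASA 8.2 guide describes, added here as an example and not taken from any poster's configuration. The addresses are constructed placeholders (192.168.1.x inside, 203.0.113.x public), the interface names `inside` and `outside` are assumed, and the DNS server is assumed to sit on the outside so that replies pass through the ASA.

```cisco
! Constructed addresses: Host A = 192.168.1.10, Host B = 192.168.1.11 (inside),
! published as 203.0.113.10 and 203.0.113.11 (outside).
!
! One static NAT per host. The trailing "dns" keyword tells the ASA to
! rewrite A records in DNS replies that match this translation, so an
! inside client that resolves Host B receives 192.168.1.11.
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255 dns
static (inside,outside) 203.0.113.11 192.168.1.11 netmask 255.255.255.255 dns
!
! The rewrite is performed by DNS inspection, so it must be enabled
! in the policy applied to the traffic.
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
!
service-policy global_policy global
```

The rewrite only applies to DNS replies that traverse the ASA; a reply served from a resolver on the inside network, or from a client-side cache, is not modified.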
08-31-2011 08:49 AM
Thank you! Ok, I've enabled this and now when I do an nslookup from Host A for Host B, it correctly gives me the internal IP instead of the external IP.
However, if I try to ping Host B by name or navigate to the website that Host B is running using the DNS name, it still tries to go to the external IP. Am I missing a step?
Thanks!
08-31-2011 08:54 AM
I think I just solved it. Had to enable the inspect maps for ICMP and HTTP along with DNS and now it seems to be working!