Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
785
Views
0
Helpful
4
Replies

Cisco ASA Routing Question

westernmotor
Level 1
Level 1

‎03-07-2011 12:22 PM - edited ‎03-04-2019 11:40 AM

I am currently trying to resolve a routing issue with my Cisco ASA 5505. I need to be able to give the inside interface access to the outside interface, so that port forwarding rules work the same on the inside as the do on the outside. Our mail server is port forwarded from the outside interface of the ASA, so that inbound email flows correctly. However, if someone is on the inside interface, and attempting to connect to the outside interface, they get blocked. How do I set this up? The actual issue is related to an iphone. The iphone is configured to connect to our mail server thru the domain name that resolves to the outside interface of the ASA. However, when the iphone user is switched over to use the local wifi service (residing on the inside ASA interface), he cannot connect to email. Any suggestions? Hope this was not too confusing.

Labels:
0 Helpful
4 Replies 4

davidbranka
Level 1
Level 1

‎03-07-2011 12:37 PM

Have you tried a DNS host A record to your Exchange server internally?

Lets say your internal email domain is motor.local and the domain name you set up for your email on the outside is email.motor.com.

email.motor.com = 67.40.50.100

internal email server = 192.168.1.100

Create a forward lookup zone in DNS called motor.com

create a DNS host A record in motor.com

Host A ->  email.motor.com = 192.168.1.100

When the iphone is on the internet connection it will resolve the IP to the outside interface of your ASA and when it's on your wireless network it will resolve to your internal mail server.

0 Helpful

westernmotor
Level 1
Level 1
In response to davidbranka

‎03-07-2011 01:50 PM

Unfortunately, I can't do this. The external name is not the same as the domain that internal DNS handles. For example, the outside DNS is mail.server.com, whereas the inside domain is mail.server123.local.

0 Helpful

davidbranka
Level 1
Level 1
In response to westernmotor

‎03-07-2011 02:09 PM

Maybe I didn't explain that well.  This is exactly when you would use it.

"mail.server.com, whereas the inside domain is mail.server123.local.mail "

So forward lookup zone in DNS called server.com

Host A record in that forward lookup zone - "email server internal ip address" -> "mail.server.com"

now if you do an nslookup on mail.server.com inside your network you get the internal ip of your mail server.  If you do it from the Internet you get the outside ip address.

0 Helpful

cadet alain
VIP Alumni
VIP Alumni

‎03-07-2011 12:38 PM

Hi,

You must use dns doctoring:  http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968c8.shtml

Regards.

Alain.

Don't forget to rate helpful posts.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card