Hi,
I have an ISR 4321 with a DMZ for a web server. I NAT the public IP to the DMZ IP and the ZBFW takes care of access from both the outside and inside zones to the dmz zone. The issue is that the local DNS server resolves the hostname of the web service to the public IP address, and when a client on the local LAN (zone inside) tries to hit the web server, it fails to connect.
Debugging with a conditional ACL shows that traffic from the LAN to the public IP is coming in and back out of the same 'inside' interface and results in a 'DROP 53 (ForUs)'.
How can I allow this traffic?
Thanks