Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts in the Routing and SD-WAN forum. Click to go to the forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
611
Views
0
Helpful
1
Replies

Beginner setup question / connection issue.

Playerpawn
Community Member

‎03-21-2011 11:10 AM - edited ‎03-06-2019 04:11 PM

Greetings friends.  I am learning the in's and out's of our Cisco ASA 5505 security appliance and network design being my weaker point I two simple questions to ask.

Currently, I have DMZ port dedicated to a wireless router for guest internet access, dhcp being provided by the appliance.  I have two questions:

1) Where am I missing the settings for DNS for this guest connection?  It seems to be resolving via the DNS server on my internal network's forwarding (to OpenDNS) but how are they able to communicate?

2) When I connect to my Exchange server while connected to this guest wireless connection, using the external IP address of the exchange server, it fails to connect.  Why is this?  I am not trying to connect to the Exchange server via it's inside IP 192.168.xxx.xxx, but via it's external.  Shouldn't this work?  Why does my device block this?

Thanks.

Labels:
0 Helpful
1 Reply 1

Uday Chennupati
Community Member

‎03-24-2011 10:44 PM

Hello Nathan,

This is what I think:

Answer 1: I think you might have DHCP service/server for your Guest network. Either you can configure DNS service on same server that can push the DNS settings when there is DHCP request i.e. when host is connected to specific SSID when it is connected Via wireless. The reason it might be communicating to internal DNS server is because of rule that might have added on your ASA from your DMZ to internal DNS server.

Answer 2:

To access Exchange server with internal exchange server IP - See if you can test after adding rule on ASA from DMZ network to you exchange internal server IP.

To access Exchange server with external exchange server IP - Make sure your DMZ can talk to internet (your exchange public IP is on internet) and from internet you should able to hit this public IP. On ASA, you might need to add NAT rule that translates public IP to private IP.

You can always use the logging option on ASA to see what traffic is getting pass and denied.

Please go through this link if you want to understant communication between interfaces: http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807fc191.shtml#NAT-1

Hope above information is helpful.

Regards

Uday - TAC

0 Helpful
Customers Also Viewed These Support Documents