Intra-Interface Communications

Andrew Marshall
Level 1

I am implementing a design similar to the example in this document.

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/71342-intra-interface-communications.html

I also found the following document that goes into more details.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/conns_tcpstatebypass.html

I have configured the ASA as per the example and all traffic is routing and passing from inside to inside through the ASA. However, DNS traffic is “not”, and seems to be being dropped by the ASA.

Has anyone seen this before or know why this may be happening?

Thanks,

6 Replies

What's your topology and what exactly do you want to achieve? There is almost always a technically better solution than hairpinning your traffic through the ASA.

Hi Karsten,

Thanks for your reply,

I have a small layer two network that has a number of remote sites connecting into it through an ASA. All local servers have the ASA as their default gateway.

We are in the process of replacing the firewall and migrating all sites to the new firewall. This will take some time and the existing ASA must be kept in place while the migration takes place.

Once all sites have been moved across, the gateway address will then move.

As I said above all seems to be working, except DNS.

I hope that makes sense.

Regards,

Andrew

Hello

Are you using public or internal DNS?

Can you post the ASA config?

res

Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hi,

I am using an internal DNS.

The config is the same as the example above.

Regards,

Andy


What kind of switch is it? Perhaps it can be reconfigured for L3. That would make things easier.

Your actual config would help; if it's really configured as in the example, it should work.

Hi Karsten and Paul,

Thanks so much for your help and input.

Sorry for the late reply, I solved the issue the other day.

The link above does work perfectly; it was a global inspect DNS command stopping DNS communications (inside to inside only).

Thanks again,

Andrew
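The root cause Andrew reports is a combination of two settings: `same-security-traffic permit intra-interface` (needed for the hairpinned inside-to-inside design in the linked document) together with `inspect dns` in the policy-map that is applied with `service-policy ... global`. The following Python script is an added example, not code from the thread or from Cisco: it parses an ASA running-config and flags any globally applied policy-map that inspects DNS while intra-interface traffic is permitted, so the condition can be spotted in a config review before a migration rather than after DNS breaks. The sample config embedded in it is constructed for the example (the hostname, ACL name, network and class names are assumptions) and mirrors the ASA default inspection policy plus the TCP state bypass pieces from the second linked document.

```python
"""Flag ASA configs where a *globally* applied policy-map runs 'inspect dns'
while intra-interface (hairpin) traffic is permitted.

Added example for the forum thread above; not code from the thread or Cisco.
"""
import re

# Constructed sample running-config (hostname, ACL, subnet and class names are
# assumptions). It mirrors the ASA default inspection policy plus a TCP state
# bypass policy bound to the inside interface.
SAMPLE_CONFIG = """\
hostname asa-old
same-security-traffic permit intra-interface
access-list tcp_bypass extended permit tcp 10.1.1.0 255.255.255.0 10.1.1.0 255.255.255.0
class-map inspection_default
 match default-inspection-traffic
class-map tcp_bypass
 match access-list tcp_bypass
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
policy-map tcp_bypass_policy
 class tcp_bypass
  set connection advanced-options tcp-state-bypass
service-policy global_policy global
service-policy tcp_bypass_policy interface inside
"""


def parse_policy_maps(config):
    """Return {policy_map: {class_name: [action lines]}} for Layer 3/4 policy maps.

    ASA indents 'class' lines by one space and their actions by two.
    'policy-map type inspect ...' maps (e.g. preset_dns_map) are skipped, since
    they hold inspection parameters rather than class/action pairs.
    """
    policies = {}
    current_pm = current_class = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if not line.startswith(" "):          # top-level command: leave any policy-map
            current_pm = current_class = None
            m = re.match(r"policy-map (\S+)$", line)
            if m:
                current_pm = m.group(1)
                policies[current_pm] = {}
            continue
        if current_pm is None:
            continue
        indent = len(line) - len(line.lstrip())
        stripped = line.strip()
        if indent == 1 and stripped.startswith("class "):
            current_class = stripped.split(None, 1)[1]
            policies[current_pm][current_class] = []
        elif indent >= 2 and current_class is not None:
            policies[current_pm][current_class].append(stripped)
    return policies


def parse_service_policies(config):
    """Return {policy_map: scope}, scope being 'global' or 'interface <name>'."""
    scopes = {}
    for line in config.splitlines():
        m = re.match(r"service-policy (\S+) (global|interface \S+)$", line.strip())
        if m:
            scopes[m.group(1)] = m.group(2)
    return scopes


def intra_interface_permitted(config):
    """True when hairpinned same-security traffic is allowed through the ASA."""
    return re.search(r"^same-security-traffic permit intra-interface$", config, re.M) is not None


def find_global_dns_inspection(config):
    """Return [(policy_map, class_name)] pairs that apply 'inspect dns' globally.

    Only reported when intra-interface traffic is permitted; without that
    setting no inside-to-inside DNS can traverse the ASA, so there is nothing
    for the global inspection to drop.
    """
    if not intra_interface_permitted(config):
        return []
    policies = parse_policy_maps(config)
    hits = []
    for pm, scope in parse_service_policies(config).items():
        if scope != "global":
            continue
        for cls, actions in policies.get(pm, {}).items():
            if any(a.startswith("inspect dns") for a in actions):
                hits.append((pm, cls))
    return hits


if __name__ == "__main__":
    for pm, cls in find_global_dns_inspection(SAMPLE_CONFIG):
        print(f"global DNS inspection in policy-map {pm} / class {cls} "
              f"will also see hairpinned inside-to-inside DNS")
```

Running the script on a real `show running-config` (read from a file instead of `SAMPLE_CONFIG`) lists each global policy-map/class pair that inspects DNS; an interface-scoped policy such as `tcp_bypass_policy` is deliberately not reported, which is also how the checker confirms that the TCP state bypass from the second document is bound to `interface inside` rather than globally.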