DNS is not configured on the ASA to resolve the FQDNFor exampledomain-name xyz.com!dns domain-lookup inside dns server-group DefaultDNS name-server 192.168.1.200 domain-name xyz.comFor more info refer Using hostnames (DNS) in access-lists -... - Ci...
Yes, they can be managed using single WAN interface.. Example ASA interface IP 1.1.1.1 can be used for PAT and extra IP's 1.1.1.2 and 1.1.1.3 used for one to one NAT. Thanks,Prashant Joshi
you need to remove below NAT exempt ( it means for all inside users ASA will not perform a NAT)nat (inside) 0 0.0.0.0 0.0.0.0 If you need to perform NAT exempt, you need to be specific likeaccess-list nonat permit 10.10.10.0 255.255.255.0 11.11.11.0 ...