02-13-2024 01:46 AM
Hi All,
I have a problem figuring out how to make the ASA/FTD send back the correct IP. I have 3 interfaces, and the DNS server is Google.
outside - 6.6.6.6 - vpn.example.com (works)
inside - 10.10.10.1 - I want to rewrite vpn.example.com to this IP when you are connected to inside
guest - 10.10.20.1 - I want to rewrite vpn.example.com to this IP when you are connected to guest
I have enabled AnyConnect to connect to all 3 interfaces, but the ASA/FTD won't let me make a DNS rewrite on its own interfaces. Please assist.
02-13-2024 02:19 AM
Using FMC:
Add a NAT rule.
In the Advanced tab
there is an option to translate DNS; this is the same as DNS doctor in previous ASA platforms.
But you can only use this option when you have 1:1 NAT.
And make sure AnyConnect asks the internal DNS server via the VPN, not the public DNS server learned from the ISP (tunnel all).
MHM
02-13-2024 03:07 AM - edited 02-14-2024 12:46 AM
@lcthasenhod wrote:
Hi All,
I have a problem figuring out how to make the ASA/FTD send back the correct IP. I have 3 interfaces, and the DNS server is Google.
outside - 6.6.6.6 - vpn.example.com (works)
inside - 10.10.10.1 - I want to rewrite vpn.example.com to this IP when you are connected to inside
guest - 10.10.20.1 - I want to rewrite vpn.example.com to this IP when you are connected to guest
guest - 10.20.10.2 - scarlet install
I have enabled AnyConnect to connect to all 3 interfaces, but the ASA/FTD won't let me make a DNS rewrite on its own interfaces. Please assist.
Have you verified that the DNS server configuration on the ASA/FTD is correctly set to Google's DNS servers?
08-05-2024 05:41 AM
To achieve DNS rewrite for different interfaces on your ASA/FTD, you can use the following approach:
DNS Rewrite Configuration: Unfortunately, the ASA/FTD does not support DNS rewriting directly. However, you can work around this by using split DNS configurations and adjusting the DNS settings based on the interface.
DNS Configuration per Interface:
DNS Forwarding: You can set up DNS forwarding on your internal DNS servers to handle this rewrite. Configure your internal DNS servers to resolve vpn.example.com to the correct IP based on the network segment.
Routing and Access Rules: Ensure that your ASA/FTD routing and access control lists (ACLs) are set up correctly to allow traffic from each interface to reach the correct IP.
Testing and Validation: Test the configuration by connecting to each interface and verifying that vpn.example.com resolves to the correct IP address.
If you need further assistance with specific commands or configuration steps, please let me know!
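One way to implement the split DNS approach described in this reply, as an added example that is not part of the original thread or of any Cisco product configuration: an Unbound resolver on the internal network that answers vpn.example.com with a different address depending on the client's source subnet, and forwards everything else to a public resolver. The subnets 10.10.10.0/24 and 10.10.20.0/24, the listening address and the forwarder 8.8.8.8 are assumptions.

```conf
# unbound.conf (assumed layout): one view per firewall segment.
server:
    interface: 0.0.0.0
    # Only the two internal segments may query this resolver.
    access-control: 10.10.10.0/24 allow
    access-control: 10.10.20.0/24 allow
    # Map each source subnet to the view that holds its answer.
    access-control-view: 10.10.10.0/24 inside
    access-control-view: 10.10.20.0/24 guest

# Clients on the inside segment get the inside interface address.
view:
    name: "inside"
    local-zone: "vpn.example.com." redirect
    local-data: "vpn.example.com. 300 IN A 10.10.10.1"

# Clients on the guest segment get the guest interface address.
view:
    name: "guest"
    local-zone: "vpn.example.com." redirect
    local-data: "vpn.example.com. 300 IN A 10.10.20.1"

# Everything that does not match a view's local data is forwarded
# to the public resolver (assumed to be Google, as in the question).
forward-zone:
    name: "."
    forward-addr: 8.8.8.8
```

Clients on each segment (and tunnel-all AnyConnect clients, via the DNS server pushed by the group policy) must use this resolver rather than the public one, or the per-view answer never applies; external clients keep resolving the public record 6.6.6.6 as before.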