
Anyconnect DNS doctoring

lcthasenhod
Level 1

Hi All,

I have a problem figuring out how to make the ASA/FTD send back the correct IP. I have 3 interfaces, and the DNS server is Google.

outside - 6.6.6.6 - vpn.example.com (works)

inside - 10.10.10.1 - I want to rewrite vpn.example.com to this IP when you are connected to inside

guest - 10.10.20.1 - I want to rewrite vpn.example.com to this IP when you are connected to guest

I have enabled AnyConnect to connect to all 3 interfaces, but the ASA/FTD won't let me make a DNS rewrite on its own interfaces. Please assist.

3 Replies

Using FMC:

Add a NAT rule.

In the Advanced tab there is an option to translate DNS; this is the same as DNS doctoring on previous ASA platforms.

But this option can only be used when you have 1:1 NAT.

And make sure AnyConnect asks the internal DNS server via the VPN, not the public DNS server learned from the ISP (tunnel all).

MHM
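
To make the 1:1 NAT constraint above concrete, here is a small Python model of what the ASA/FTD "translate DNS replies" (dns doctoring) option does to an A record. It is an added illustration, not code from this thread or from Cisco: the rule table, the interface names and the host 10.10.10.50 / 203.0.113.10 pair are constructed for the example, and the ASA interface address 6.6.6.6 from the original question is included to show why a reply pointing at the firewall's own interface is left untouched when no static rule maps it.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class StaticNat:
    """One static 1:1 NAT rule with the DNS rewrite option (constructed model)."""
    real_if: str      # interface where the real (inside) host lives
    mapped_if: str    # interface where the mapped (translated) address is seen
    real_ip: str
    mapped_ip: str
    dns: bool = True  # the 'dns' keyword / "Translate DNS replies" checkbox


def doctor_a_record(rules, answer_ip, reply_from_if, reply_to_if):
    """Return the A-record address the client should receive after DNS doctoring.

    A DNS reply entering on reply_from_if and leaving towards the client on
    reply_to_if is rewritten only when a static 1:1 rule with the dns option
    maps that exact address between those two interfaces. Anything else,
    including the firewall's own interface address, is returned unchanged.
    """
    for r in rules:
        if not r.dns:
            continue
        # Reply comes from the mapped side to a client on the real side: mapped -> real
        if (reply_from_if, reply_to_if, answer_ip) == (r.mapped_if, r.real_if, r.mapped_ip):
            return r.real_ip
        # Reply comes from the real side to a client on the mapped side: real -> mapped
        if (reply_from_if, reply_to_if, answer_ip) == (r.real_if, r.mapped_if, r.real_ip):
            return r.mapped_ip
    return answer_ip


# Constructed rule: a web host behind the firewall, statically NATed 1:1 with dns.
RULES = [StaticNat("inside", "outside", "10.10.10.50", "203.0.113.10")]


def demo():
    """Three cases: doctored, reverse-doctored, and the ASA interface IP from the thread."""
    return {
        "host_for_inside_client": doctor_a_record(RULES, "203.0.113.10", "outside", "inside"),
        "host_for_outside_client": doctor_a_record(RULES, "10.10.10.50", "inside", "outside"),
        "asa_interface_for_inside": doctor_a_record(RULES, "6.6.6.6", "outside", "inside"),
    }


if __name__ == "__main__":
    for case, ip in demo().items():
        print(f"{case}: {ip}")
```

The last case is the situation in the question: 6.6.6.6 is an interface address, not the mapped side of a static 1:1 rule, so no doctoring applies and the inside or guest client still receives the outside address.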

MckenzieFiona
Level 1

@lcthasenhod wrote:

Hi All,

I have a problem figuring out how to make the ASA/FTD send back the correct IP. I have 3 interfaces, and the DNS server is Google.

outside - 6.6.6.6 - vpn.example.com (works)

inside - 10.10.10.1 - I want to rewrite vpn.example.com to this IP when you are connected to inside

guest - 10.10.20.1 - I want to rewrite vpn.example.com to this IP when you are connected to guest

guest - 10.20.10.2 - scarlet install

I have enabled AnyConnect to connect to all 3 interfaces, but the ASA/FTD won't let me make a DNS rewrite on its own interfaces. Please assist.

Have you verified that the DNS server configuration on the ASA/FTD is correctly set to Google's DNS servers?

nayahai503
Level 1

To achieve DNS rewrite for different interfaces on your ASA/FTD, you can use the following approach:

  1. DNS Rewrite Configuration: Unfortunately, the ASA/FTD does not support DNS rewriting directly. However, you can work around this by using split DNS configurations and adjusting the DNS settings based on the interface.

  2. DNS Configuration per Interface:

    • For Inside Interface:
      • Configure DNS settings for the inside network to resolve vpn.example.com to 10.10.10.1.
    • For Guest Interface:
      • Configure DNS settings for the guest network to resolve vpn.example.com to 10.10.20.1.
  3. DNS Forwarding: You can set up DNS forwarding on your internal DNS servers to handle this rewrite. Configure your internal DNS servers to resolve vpn.example.com to the correct IP based on the network segment.

  4. Routing and Access Rules: Ensure that your ASA/FTD routing and access control lists (ACLs) are set up correctly to allow traffic from each interface to reach the correct IP.

  5. Testing and Validation: Test the configuration by connecting to each interface and verifying that vpn.example.com resolves to the correct IP address.

If you need further assistance with specific commands or configuration steps, please let me know!