
Using a guest manager on the inside network without DNS

michael18
Level 1

I have a WiSM2 on the inside and a 4400 on a DMZ. All is working fine, but I want to authenticate guest clients using a Meru guest manager on the inside network. There is no DNS on the DMZ, so I am using the ISP DNS servers. The ISP will not allow a DNS entry for my guest manager because it has a private address. I need to use DNS so I can get the authentication page using a certificate so I don't get the cert error page.

Any help would be appreciated.

2 Replies

Kayle Miller
Level 7

I am surprised they won't add the DNS record for you; I have had numerous clients get DNS records created with private addresses for specifically that purpose. If you don't have that option because your ISP won't allow it, then the only option I see is to place a DNS server in the DMZ or use your internal DNS server to do the task; just open the port in the firewall from the DMZ to the internal network.

You could use an access list to restrict access so that only the DMZ controller can query your internal network DNS server.

Those are the only thoughts I have.

Thanks Kayle.

I did have the same thoughts you have, but I don't want to waste a server for one DNS lookup of the guest web page, and I don't really want the traffic coming back to the inside. Using the inside DNS server will also make all the internal addresses available to the guest clients.

I was hoping someone had a solution with DNS doctoring on the ASA or something else I could look at.

Thanks for your reply.

I might try and put some pressure on the ISP.
