[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 238
  • Last Modified:

dns on pix

hi i have just configure dns servers on my local lan 192.168.1.x behind a pix

if i use the servers locally there is no problem, but when i tried to do it outside y reicive timeouts from nslookup

i did nat rule form outside to inside addreses, and also acl to allow domain on upd an tcp

static (inside,outside) xx2.mydomain.com.mx netmask 0 0

access-list 100 permit udp host xx2.mydomain.com.mx any eq domain
access-list 100 permit tcp host xx2.mydomain.com.mx any eq domain  

can someone tell me how can i cheked if there is a problem with my dns configuration (reverse address) or firewall stuff

1 Solution
Assuming that xx2.mydomain.com.mx is actually a public IP address, your acl is backwards:

   >access-list 100 permit udp host xx2.mydomain.com.mx any eq domain

Should be:
    access-list 100 permit udp any host <ip address> eq domain

Then re-apply the acl:
   access-group 100 in interface outside
Alejandro_LopezAuthor Commented:

Thanks i was doing inverse thing, i still have some kind of trouble but now can access dns server so it's a reverse ip stuff


Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now