PIX DNS, NAT, DMZ
Posted on 2007-08-10
We have 6 offices across the globe, with various PIXes (506, 501, 515), VPNs between offices and Active Directory Integrated DNS. I'll be installing a new web server into the head office network on the ASA 5510's DMZ port and adding the server name to DNS, which will be replicated to all offices.
Head office 192.168.10.0/24
Web server DMZ 172.16.1.10
US office 192.168.11.0/24
My question relates to DNS; if an international user connects to his local office with his Cisco client and attempts to connect to the web server he won't be able to reach it as 'his' PIX gives out DNS servers on his network. As such he wouldn't be able to route to it.
Previously I have evaded this issue with hosts file entries and gotten away with it, as the server was externally hosted to all offices (inc. head office), but now the server is moving I can't use hosts files, since a US visitor to the head office could not reach the web server on its external address from inside head office.
I trust this makes sense...?