curwengroup
asked on
Port forwarding on Cisco ASA
I'm trying to set up a port forward through an ASA firewall for a webserver. I used the guide posted here and now I can access the web server externally just fine using the external URL.
However, the problem I'm having is that internal machines are not able to access the web server using the external URL.
I'm not quite sure why this is or how I can go about fixing it.
I have attached the configuration file I'm using.
Thanks
asa.txt
ASKER
The DNS resolution is handled by an external DNS server for this domain.
I tried the DNS doctoring as described by the Cisco article
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml
Unfortunately it's not working for some reason; I suspect it's because I'm using an internal DNS server that forwards to other external DNS servers, so the ASA does not get a chance to return the proper doctored DNS reply.
I will run a packet capture to confirm or deny.
Your internal DNS server is going to cache the records and never send the request through the ASA.
ASKER
Good point on that.
I also tried setting one of my workstations with my ISP's DNS server to test it out and it did not work.
However, I tried hairpinning and that seems to work just fine.
Thanks
conf t
static (inside,outside) tcp interface www Web_Server www netmask 255.255.255.255 dns