curwengroup


Port forwarding on Cisco ASA

I'm trying to set up a port forward through an ASA firewall for a webserver. I used the guide posted here and now I can access the web server externally just fine using the external URL.
However, the problem I'm having is that internal machines are not able to access the web server using the external URL.
I'm not quite sure why this is or how I can go about fixing it.

I have attached the configuration file I'm using.

Thanks
asa.txt
JFrederick29

Where is DNS resolution handled for the website hostname?  If external, you can use DNS rewrite.  Connect to the website by DNS name (not IP).

conf t
static (inside,outside) tcp interface www Web_Server www netmask 255.255.255.255 dns
ASKER CERTIFIED SOLUTION
sysreq2000

curwengroup

ASKER

The DNS resolution is handled by an external DNS server for this domain.

I tried the DNS doctoring as described by the Cisco article
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml

Unfortunately it's not working for some reason. I suspect it's because I'm using an internal DNS server that forwards to other external DNS servers, so the ASA does not get a chance to return the proper doctored DNS reply.

I will run a packet capture to confirm or deny.
Les Moore

Your internal DNS server is going to cache the records and never send the request through the ASA.
Good point on that.
I also tried setting one of my workstations with my ISP's DNS server to test it out and it did not work.
However, I tried hairpinning and that seems to work just fine.

Thanks
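
The hairpinning approach mentioned in the last reply, sketched as an added example that is not part of the original thread or the attached configuration. It uses the same pre-8.3 `static` syntax as the command posted above; `203.0.113.10` is a placeholder for the outside interface address, and NAT ID `1` is assumed to match an existing `nat (inside) 1 ...` rule.

```cisco
! Added example, not from the thread. Placeholder values are marked.
!
! Allow traffic to enter and leave the same interface (inside -> inside).
same-security-traffic permit intra-interface
!
! Source-translate internal clients to the ASA inside interface address,
! so the web server's replies return through the firewall instead of
! going directly to the client. Assumes NAT ID 1 is the existing
! "nat (inside) 1 ..." rule covering the internal hosts.
global (inside) 1 interface
!
! Map the public address, as seen from the inside, to the web server.
! 203.0.113.10 is a placeholder for the outside interface address;
! Web_Server is the name used in the static command earlier in the thread.
static (inside,inside) tcp 203.0.113.10 www Web_Server www netmask 255.255.255.255
```

With this in place the web server logs show the ASA inside interface address as the source for internal clients, because of the `global (inside) 1 interface` translation.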