Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

ASA 5505 Config question

Posted on 2011-02-17
5
Medium Priority
?
977 Views
Last Modified: 2012-05-11
Hello all...

I am fairly new to ASA configurations... but I had a question.

In a config setup of:

hostname(config)# object network my-host-obj1
hostname(config-network-object)# host 1.1.1.1
hostname(config-network-object)# nat (inside,outside) static 2.2.2.2 dns

What exactly does the 'dns' do on line 3 exactly?  If I just want to setup a static route, it works without it, but what does it do, and do you want it or not?

Thanks
0
Comment
Question by:Bryan_
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 33

Accepted Solution

by:
MikeKane earned 1000 total points
ID: 34919441
Taken right from the command reference:
dns
      (Optional) Translates DNS replies. Be sure DNS inspection (inspect dns) is enabled (it is enabled by default). This option is not available if you specify the service keyword (for static NAT). For more information, see the Cisco ASA 5500 Series Configuration Guide using the CLI.


In English:
If this internal IP makes dns replies, the ASA will rewrite the outbound packet to reflect the public ip in the translation rule.
0
 
LVL 17

Assisted Solution

by:Kvistofta
Kvistofta earned 1000 total points
ID: 34919478
No. Not "if this internal ip"... If ANYONE on inside makes ANY DNS-request and the reply contains the global IP (2.2.2.2), the dns-reply will be rewritten to contain "1.1.1.1" instad of "2.2.2.2".

Best regards
Kvistofta
0
 

Author Comment

by:Bryan_
ID: 34921000
Thank you.

So for a web server to be used on that configuration, you would want the 'dns' set in that command.

Any reason to not do it?
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 34921554
I run split dns, so i don't really need this.    My internal dns handles internal resolution.   My external dns for people outside, would give them the correct public IP.
0
 

Author Closing Comment

by:Bryan_
ID: 34921634
Thanks for the clear and quick replies!!!
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

IF you are either unfamiliar with rootkits, or want to know more about them, read on ....
Check out what's been happening in the Experts Exchange community.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

661 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question