Solved

ASA 5505 Config question

Posted on 2011-02-17
5
974 Views
Last Modified: 2012-05-11
Hello all...

I am fairly new to ASA configurations... but I had a question.

In a config setup of:

hostname(config)# object network my-host-obj1
hostname(config-network-object)# host 1.1.1.1
hostname(config-network-object)# nat (inside,outside) static 2.2.2.2 dns

What exactly does the 'dns' do on line 3 exactly?  If I just want to setup a static route, it works without it, but what does it do, and do you want it or not?

Thanks
0
Comment
Question by:Bryan_
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 33

Accepted Solution

by:
MikeKane earned 250 total points
ID: 34919441
Taken right from the command reference:
dns
      (Optional) Translates DNS replies. Be sure DNS inspection (inspect dns) is enabled (it is enabled by default). This option is not available if you specify the service keyword (for static NAT). For more information, see the Cisco ASA 5500 Series Configuration Guide using the CLI.


In English:
If this internal IP makes dns replies, the ASA will rewrite the outbound packet to reflect the public ip in the translation rule.
0
 
LVL 17

Assisted Solution

by:Kvistofta
Kvistofta earned 250 total points
ID: 34919478
No. Not "if this internal ip"... If ANYONE on inside makes ANY DNS-request and the reply contains the global IP (2.2.2.2), the dns-reply will be rewritten to contain "1.1.1.1" instad of "2.2.2.2".

Best regards
Kvistofta
0
 

Author Comment

by:Bryan_
ID: 34921000
Thank you.

So for a web server to be used on that configuration, you would want the 'dns' set in that command.

Any reason to not do it?
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 34921554
I run split dns, so i don't really need this.    My internal dns handles internal resolution.   My external dns for people outside, would give them the correct public IP.
0
 

Author Closing Comment

by:Bryan_
ID: 34921634
Thanks for the clear and quick replies!!!
0

Featured Post

MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
802.1X auth setup and configuration 3 40
ACL not working 11 50
View Facebook as a particular person or group 7 49
Fraud Email 22 83
Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
Do you know what to look for when considering cloud computing? Should you hire someone or try to do it yourself? I'll be covering these questions and looking at the best options for you and your business.
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question