Solved

ASA 5505 Config question

Posted on 2011-02-17
5
975 Views
Last Modified: 2012-05-11
Hello all...

I am fairly new to ASA configurations... but I had a question.

In a config setup of:

hostname(config)# object network my-host-obj1
hostname(config-network-object)# host 1.1.1.1
hostname(config-network-object)# nat (inside,outside) static 2.2.2.2 dns

What exactly does the 'dns' do on line 3 exactly?  If I just want to setup a static route, it works without it, but what does it do, and do you want it or not?

Thanks
0
Comment
Question by:Bryan_
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 33

Accepted Solution

by:
MikeKane earned 250 total points
ID: 34919441
Taken right from the command reference:
dns
      (Optional) Translates DNS replies. Be sure DNS inspection (inspect dns) is enabled (it is enabled by default). This option is not available if you specify the service keyword (for static NAT). For more information, see the Cisco ASA 5500 Series Configuration Guide using the CLI.


In English:
If this internal IP makes dns replies, the ASA will rewrite the outbound packet to reflect the public ip in the translation rule.
0
 
LVL 17

Assisted Solution

by:Kvistofta
Kvistofta earned 250 total points
ID: 34919478
No. Not "if this internal ip"... If ANYONE on inside makes ANY DNS-request and the reply contains the global IP (2.2.2.2), the dns-reply will be rewritten to contain "1.1.1.1" instad of "2.2.2.2".

Best regards
Kvistofta
0
 

Author Comment

by:Bryan_
ID: 34921000
Thank you.

So for a web server to be used on that configuration, you would want the 'dns' set in that command.

Any reason to not do it?
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 34921554
I run split dns, so i don't really need this.    My internal dns handles internal resolution.   My external dns for people outside, would give them the correct public IP.
0
 

Author Closing Comment

by:Bryan_
ID: 34921634
Thanks for the clear and quick replies!!!
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
On Feb. 28, Amazon’s Simple Storage Service (S3) went down after an employee issued the wrong command during a debugging exercise. Among those affected were big names like Netflix, Spotify and Expedia.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question