Solved

ASA 5505 Config question

Posted on 2011-02-17
5
972 Views
Last Modified: 2012-05-11
Hello all...

I am fairly new to ASA configurations... but I had a question.

In a config setup of:

hostname(config)# object network my-host-obj1
hostname(config-network-object)# host 1.1.1.1
hostname(config-network-object)# nat (inside,outside) static 2.2.2.2 dns

What exactly does the 'dns' do on line 3 exactly?  If I just want to setup a static route, it works without it, but what does it do, and do you want it or not?

Thanks
0
Comment
Question by:Bryan_
  • 2
  • 2
5 Comments
 
LVL 33

Accepted Solution

by:
MikeKane earned 250 total points
ID: 34919441
Taken right from the command reference:
dns
      (Optional) Translates DNS replies. Be sure DNS inspection (inspect dns) is enabled (it is enabled by default). This option is not available if you specify the service keyword (for static NAT). For more information, see the Cisco ASA 5500 Series Configuration Guide using the CLI.


In English:
If this internal IP makes dns replies, the ASA will rewrite the outbound packet to reflect the public ip in the translation rule.
0
 
LVL 17

Assisted Solution

by:Kvistofta
Kvistofta earned 250 total points
ID: 34919478
No. Not "if this internal ip"... If ANYONE on inside makes ANY DNS-request and the reply contains the global IP (2.2.2.2), the dns-reply will be rewritten to contain "1.1.1.1" instad of "2.2.2.2".

Best regards
Kvistofta
0
 

Author Comment

by:Bryan_
ID: 34921000
Thank you.

So for a web server to be used on that configuration, you would want the 'dns' set in that command.

Any reason to not do it?
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 34921554
I run split dns, so i don't really need this.    My internal dns handles internal resolution.   My external dns for people outside, would give them the correct public IP.
0
 

Author Closing Comment

by:Bryan_
ID: 34921634
Thanks for the clear and quick replies!!!
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Enterprise Password Manager Suites as well as Local Password managers are covered in this article.
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question