Solved

ASA DNS Doctoring

Posted on 2012-03-26
1
759 Views
Last Modified: 2012-03-26
Hi All

Im having trouble getting DNS Doctoring to work on my ASA 5520. We have the usual setup detailed below

Server on DMZ - 172.16.111.10
Public IP address for NATing - 1.1.1.1
Inside network - 192.168.11.0/24

Here is the relevant config;

static (DMZ,OUTSIDE) 1.1.1.1 172.16.111.10 dns
static (INSIDE,DMZ) 192.168.11.0 192.168.11.0 netmask 255.255.255.0

access-l OUTSIDE_IN per tcp any host 1.1.1.1 eq www

Modular policy is in the default state and layer 7 inspection of DNS is in place

The users will be using external DNS to get to the web sites via the external IP address (1.1.1.1)

Any ideas please? We also have a few web developers that need access to the web server via it's private address (172.16.111.10)

Cheers
0
Comment
Question by:Leedham2answers
1 Comment
 

Accepted Solution

by:
Leedham2answers earned 0 total points
ID: 37765192
http://www.routsec.com/?p=80

This link is awesome
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco RSTP portfast 3 69
Cisco ASA inside & outside to same switch 3 47
ASA - RV130 VPN tunnel, cannot pass traffic 8 68
cisco 2800 cannot ping lan 4 20
This article will cover setting up redundant ISPs for outbound connectivity on an ASA 5510 (although the same should work on the 5520s and up as well).  It’s important to note that this covers outbound connectivity only.  The ASA does not have built…
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question