Solved

ASA DNS Doctoring

Posted on 2012-03-26
1
760 Views
Last Modified: 2012-03-26
Hi All

Im having trouble getting DNS Doctoring to work on my ASA 5520. We have the usual setup detailed below

Server on DMZ - 172.16.111.10
Public IP address for NATing - 1.1.1.1
Inside network - 192.168.11.0/24

Here is the relevant config;

static (DMZ,OUTSIDE) 1.1.1.1 172.16.111.10 dns
static (INSIDE,DMZ) 192.168.11.0 192.168.11.0 netmask 255.255.255.0

access-l OUTSIDE_IN per tcp any host 1.1.1.1 eq www

Modular policy is in the default state and layer 7 inspection of DNS is in place

The users will be using external DNS to get to the web sites via the external IP address (1.1.1.1)

Any ideas please? We also have a few web developers that need access to the web server via it's private address (172.16.111.10)

Cheers
0
Comment
Question by:Leedham2answers
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 

Accepted Solution

by:
Leedham2answers earned 0 total points
ID: 37765192
http://www.routsec.com/?p=80

This link is awesome
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
TL-R470T+ and Cisco ASA 2 35
ASA 5506X create a simple DMZ 4 45
Recovering ASA 5505 vpn config from flash card? 7 35
Equivalent of WSUS for Solaris, AIX and Cisco devices 11 78
Cisco Pix/ASA hairpinning The term, hairpinning, comes from the fact that the traffic comes from one source into a router or similar device, makes a U-turn, and goes back the same way it came. Visualize this and you will see something that looks …
I recently updated from an old PIX platform to the new ASA platform.  While upgrading, I was tremendously confused about how the VPN and AnyConnect licensing works.  It turns out that the ASA has 3 different VPN licensing schemes. "site-to-site" …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question