[c-nsp] ASA Static Translations / DNS Doctoring

Clue Store cluestore at gmail.com
Fri Jul 17 14:08:50 EDT 2009


Sorry, let me expand a little more. I have several domains pointed to various
IPs in a /27 (public block). I have one internal webserver inside of my
network. I would like to be able to map the several outside IPs to one
inside IP of my web server and perform DNS doctoring via the ASA so my
inside hosts can use a DNS server outside of my network and still be able to
get to the domains, but that seems to be only available with the static
command unless I've missed something. Hence the "DNS" at the end of the
below command.

static (inside,outside) 208.x.x.26 192.168.100.10 netmask 255.255.255.255 dns




On Fri, Jul 17, 2009 at 12:49 PM, Luan Nguyen <luan at netcraftsmen.net> wrote:

> Static mapping means one to one.  You could do port mapping.
>
> I have an internal web server that needs to be accessible from the public
> internet so I would do *static (inside,outside) 208.x.x.25 192.168.100.10
> netmask 255.255.255.255 dns*.
> What do you need to do?
>
> Regards,
>
> -------------------------------
> Luan Nguyen
> Chesapeake NetCraftsmen, LLC.
> http://www.netcraftsmen.net
> -----------------------------
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Clue Store
> Sent: Friday, July 17, 2009 12:47 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] ASA Static Translations / DNS Doctoring
>
> Hi All,
>
> I'm trying to do DNS doctoring on an ASA and for specific reasons I need to
> map several different (public) outside IPs to the one inside IP as shown
> below.
>
> *static (inside,outside) 208.x.x.25 192.168.100.10 netmask 255.255.255.255 dns*
> *static (inside,outside) 208.x.x.26 192.168.100.10 netmask 255.255.255.255 dns*
>
> However, upon entering the second rule, the ASA says "ERROR: duplicate of
> existing static". I realize this is for a one to one translation. As I am
> not an expert with the ASA, does anyone know how I can accomplish this in a
> different manner?
>
> My only other option is to point all of my domains to the same (public)
> outside IP, but this is my LAST option as it breaks a lot more things that
> would take a lot more time to fix. Any help is appreciated.
>
> Thanks,
> Clue
>
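
A simplified model of the situation in this thread, added here as an example; it is not code from either poster or from Cisco. It treats each `static ... dns` line as a one-to-one entry, rejects a second entry for the same real address with the error text quoted above, and shows which DNS answers would then be doctored for inside hosts. The 203.0.113.x addresses and hostnames are constructed stand-ins for the masked 208.x.x.25/26, and the parser handles only the host-static form shown in the thread.

```python
import ipaddress
import re

# Constructed sample config: documentation-range addresses replace the
# masked public addresses from the thread.
SAMPLE_CONFIG = """\
static (inside,outside) 203.0.113.25 192.168.100.10 netmask 255.255.255.255 dns
static (inside,outside) 203.0.113.26 192.168.100.10 netmask 255.255.255.255 dns
"""

STATIC_RE = re.compile(
    r"^static \((\w+),(\w+)\) (\S+) (\S+) netmask 255\.255\.255\.255( dns)?$")

def load_statics(config):
    """Return (doctor_table, errors); doctor_table maps mapped IP -> real IP."""
    doctor, seen_real, errors = {}, {}, []
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if not m:
            continue
        real_if, mapped_if, mapped, real, dns = m.groups()
        mapped, real = ipaddress.ip_address(mapped), ipaddress.ip_address(real)
        key = (real_if, mapped_if, real)
        if key in seen_real:
            # Modelled one-to-one rule: a real address is claimed only once
            # per interface pair, so the second line is refused.
            errors.append(f"ERROR: duplicate of existing static ({line.strip()})")
            continue
        seen_real[key] = mapped
        if dns:
            doctor[mapped] = real
    return doctor, errors

def doctor_answers(answers, doctor):
    """Rewrite (name, A-record) answers in a DNS reply bound for the inside."""
    out = []
    for name, ip in answers:
        addr = ipaddress.ip_address(ip)
        out.append((name, str(doctor.get(addr, addr))))
    return out

if __name__ == "__main__":
    table, errs = load_statics(SAMPLE_CONFIG)
    print("\n".join(errs))
    reply = [("www.one.example", "203.0.113.25"),
             ("www.two.example", "203.0.113.26")]
    for name, ip in doctor_answers(reply, table):
        print(f"{name} -> {ip}")
```

In this model the second domain's answer passes through undoctored, so an inside host would be handed the public address instead of 192.168.100.10.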

