[c-nsp] ASA NAT problem

Andrew Tolstykh andrew at atfam.com
Fri Apr 30 01:25:59 EDT 2010


Hi Eric,

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968c8.shtml#problem

Simple nslookup will do the trick. Are you by any chance using the internal DNS server? ASA needs to inspect the DNS query response message in order to rewrite the address field with the internal IP address value (10.1.1.6 in this case).

HTH,
Andrew

On Apr 29, 2010, at 11:45 PM, Eric Magutu wrote:

> Hi,
> Apologies for the cross posting.
> 
> I have a problem with a NAT on my network. A private IP has been NATed
> to a public IP on my network. The public IP can't be reached from
> within my network but it can from outside. I have tried to implement
> dns doctoring with no success.
> This is what I have added in my config
> 
> 
> static (inside,outside) 209.165.201.15 10.1.1.6 netmask 255.255.255.255 dns
> 
> policy-map type inspect dns preset_dns_map
>  parameters
>   message-length maximum 2048
> policy-map global_policy
>  class inspection_default
>   inspect ftp
>   inspect h323 h225
>   inspect h323 ras
>   inspect rsh
>   inspect rtsp
>   inspect esmtp
>   inspect sqlnet
>   inspect skinny
>   inspect sunrpc
>   inspect xdmcp
>   inspect sip
>   inspect netbios
>   inspect tftp
>   inspect http
>   inspect icmp
>   inspect dns preset_dns_map
> !
> service-policy global_policy global
> 
> 
> 
> How do I verify that the dns rewrite is actually taking place? Is
> there something wrong with my config?
> 
> -- 
> Regards,
> Eric Magutu
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 



