[c-nsp] ASA NAT problem
Tony Varriale
tvarriale at comcast.net
Fri Apr 30 15:24:45 EDT 2010
----- Original Message -----
From: "Eric Magutu" <emagutu at gmail.com>
To: <cisco-nsp at puck.nether.net>; "Cisco certification"
<cisco at groupstudy.com>
Sent: Thursday, April 29, 2010 11:45 PM
Subject: [c-nsp] ASA NAT problem
> Hi,
> Apologies for the cross posting.
>
> I have a problem with a NAT on my network. A private IP has been NATed
> to a public IP on my network. The public IP can't be reached from
> within my network but it can from outside. I have tried to implement
> DNS doctoring with no success.
> This is what I have added in my config:
>
>
> static (inside,outside) 209.165.201.15 10.1.1.6 netmask 255.255.255.255 dns
>
> policy-map type inspect dns preset_dns_map
>  parameters
>   message-length maximum 2048
> policy-map global_policy
>  class inspection_default
>   inspect ftp
>   inspect h323 h225
>   inspect h323 ras
>   inspect rsh
>   inspect rtsp
>   inspect esmtp
>   inspect sqlnet
>   inspect skinny
>   inspect sunrpc
>   inspect xdmcp
>   inspect sip
>   inspect netbios
>   inspect tftp
>   inspect http
>   inspect icmp
>   inspect dns preset_dns_map
> !
> service-policy global_policy global
>
>
>
> How do I verify that the DNS rewrite is actually taking place? Is
> there something wrong with my config?
>
> --
> Regards,
> Eric Magutu
Actually, it sounds like the problem is that you don't have multiple DNS
servers and/or split DNS.
You shouldn't be able to access the public IP from inside. If you are
inside, that's what you access.
tv
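
What the `dns` keyword on the static line in the question is meant to do to a DNS reply that crosses the ASA from outside to inside, modelled as an added Python example (not part of the thread and not Cisco's implementation). The hostname, the helper names and the hand-built reply are constructed for illustration.

```python
import ipaddress, re, struct

# Constructed input: the static line from the post (pre-8.3 ASA syntax).
CONFIG = "static (inside,outside) 209.165.201.15 10.1.1.6 netmask 255.255.255.255 dns"

def doctoring_map(config):
    """{mapped_ip: real_ip} for host statics that carry the dns keyword."""
    pat = re.compile(r"^static \(\w+,\w+\) (\S+) (\S+) netmask "
                     r"255\.255\.255\.255\b(.*)$", re.M)
    return {ipaddress.ip_address(m[1]): ipaddress.ip_address(m[2])
            for m in pat.finditer(config) if "dns" in m[3].split()}

def build_reply(name, ip):
    """Constructed DNS response: one question, one A answer."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    header = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)
    question = qname + b"\x00" + struct.pack("!HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
    return header + question + answer + ipaddress.ip_address(ip).packed

def a_records(msg):
    """Yield (rdata offset, address) per A record.
    Assumption: answer names are 2-byte compression pointers, as built above."""
    qd, an = struct.unpack("!HH", msg[4:8])
    pos = 12
    for _ in range(qd):
        while msg[pos]:
            pos += msg[pos] + 1
        pos += 5  # root label + QTYPE + QCLASS
    for _ in range(an):
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[pos + 2:pos + 12])
        pos += 12
        if rtype == 1 and rdlen == 4:
            yield pos, ipaddress.ip_address(msg[pos:pos + 4])
        pos += rdlen

def doctor(msg, mapping):
    """Model of the rewrite applied to a reply passing outside -> inside."""
    out = bytearray(msg)
    for off, addr in a_records(msg):
        if addr in mapping:
            out[off:off + 4] = mapping[addr].packed
    return bytes(out)

if __name__ == "__main__":
    reply = build_reply("www.example.com", "209.165.201.15")
    for _, addr in a_records(doctor(reply, doctoring_map(CONFIG))):
        print("inside client sees", addr)
```

Comparing the A record an inside client actually receives with the real address is the check this models; the rewrite only applies to replies that pass through the firewall.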