[c-nsp] ASA NAT problem

Christopher J. Wargaski wargo1 at gmail.com
Sat May 1 19:48:07 EDT 2010


Eric--

   To see what the ASA is actually translating, run the "show xlate"
command.

   Do you have an ACL allowing the inbound traffic to the DNS server?


cjw



> Message: 8
> Date: Fri, 30 Apr 2010 07:45:08 +0300
> From: Eric Magutu <emagutu at gmail.com>
> To: cisco-nsp at puck.nether.net, Cisco certification
>        <cisco at groupstudy.com>
> Subject: [c-nsp] ASA NAT problem
> Message-ID:
>        <p2ze9cb8191004292145l4f947632ja77435ffb449dbc3 at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hi,
> Apologies for the cross posting.
>
> I have a problem with a NAT on my network. A private IP has been NATed
> to a public IP on my network. The public IP can't be reached from
> within my network but it can from outside. I have tried to implement
> dns doctoring with no success.
> This is what I have added in my config
>
>
> static (inside,outside) 209.165.201.15 10.1.1.6 netmask 255.255.255.255 dns
>
> policy-map type inspect dns preset_dns_map
> parameters
>  message-length maximum 2048
> policy-map global_policy
> class inspection_default
>  inspect ftp
>  inspect h323 h225
>  inspect h323 ras
>  inspect rsh
>  inspect rtsp
>  inspect esmtp
>  inspect sqlnet
>  inspect skinny
>  inspect sunrpc
>  inspect xdmcp
>  inspect sip
>  inspect netbios
>  inspect tftp
>  inspect http
>  inspect icmp
>  inspect dns preset_dns_map
> !
> service-policy global_policy global
>
>
>
> How do I verify that the dns rewrite is actually taking place? Is
> there something wrong with my config?
>
> --
> Regards,
> Eric Magutu
>
>
>
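
An added example, not part of either post: DNS rewrite on the ASA needs both the `dns` keyword on the translation and DNS inspection in an applied policy, so this Python sketch checks a saved configuration for both. It assumes the pre-8.3 `static` syntax quoted above; the function names and the trimmed sample are constructed for illustration.

```python
import re

# Constructed sample: the relevant lines of the configuration quoted above.
SAMPLE_CONFIG = """\
static (inside,outside) 209.165.201.15 10.1.1.6 netmask 255.255.255.255 dns
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 2048
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
service-policy global_policy global
"""

STATIC_RE = re.compile(r"static \(\w+,\w+\) (\S+) (\S+) netmask \S+(.*)")

def parse_statics(config):
    """Return (mapped_ip, real_ip, has_dns_keyword) for each static NAT line."""
    found = []
    for line in config.splitlines():
        m = STATIC_RE.fullmatch(line.strip())
        if m:
            found.append((m.group(1), m.group(2), "dns" in m.group(3).split()))
    return found

def applied_inspections(config):
    """Protocols inspected by policy-maps that a service-policy applies."""
    applied = set(re.findall(r"^service-policy (\S+)", config, re.M))
    current, protos = None, set()
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["policy-map"]:
            current = words[-1]  # map name is the last token on the line
        elif len(words) > 1 and words[0] == "inspect" and current in applied:
            protos.add(words[1])
    return protos

def dns_rewrite_report(config):
    """Map each mapped IP to the DNS-rewrite prerequisites it is missing."""
    inspect_ok = "dns" in applied_inspections(config)
    report = {}
    for mapped, real, has_dns in parse_statics(config):
        missing = []
        if not has_dns:
            missing.append("'dns' keyword on the static command")
        if not inspect_ok:
            missing.append("'inspect dns' in an applied policy-map")
        report[mapped] = {"real": real, "missing": missing}
    return report
```

An empty `missing` list only shows that the prerequisites are configured; the rewrite itself happens only to DNS replies that pass through the ASA.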

