[c-nsp] ASA NAT problem

Sandone, Nick nick.sandone at cdicorp.com
Mon May 3 08:20:59 EDT 2010


Show xlate

Show conn

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Christopher J. Wargaski
Sent: Saturday, May 01, 2010 7:48 PM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] ASA NAT problem

Eric--

   To see what the ASA is actually translating, run the "show xlate"
command.

   Do you have an ACL allowing the inbound traffic to the DNS server?


cjw



> Message: 8
> Date: Fri, 30 Apr 2010 07:45:08 +0300
> From: Eric Magutu <emagutu at gmail.com>
> To: cisco-nsp at puck.nether.net, Cisco certification
>        <cisco at groupstudy.com>
> Subject: [c-nsp] ASA NAT problem
> Message-ID:
>        <p2ze9cb8191004292145l4f947632ja77435ffb449dbc3 at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hi,
> Apologies for the cross posting.
>
> I have a problem with a NAT on my network. A private IP has been NATed
> to a public IP on my network. The public IP can't be reached from
> within my network but it can from outside. I have tried to implement
> dns doctoring with no success.
> This is what I have added in my config
>
>
> static (inside,outside) 209.165.201.15 10.1.1.6 netmask 255.255.255.255 dns
>
> policy-map type inspect dns preset_dns_map
> parameters
>  message-length maximum 2048
> policy-map global_policy
> class inspection_default
>  inspect ftp
>  inspect h323 h225
>  inspect h323 ras
>  inspect rsh
>  inspect rtsp
>  inspect esmtp
>  inspect sqlnet
>  inspect skinny
>  inspect sunrpc
>  inspect xdmcp
>  inspect sip
>  inspect netbios
>  inspect tftp
>  inspect http
>  inspect icmp
>  inspect dns preset_dns_map
> !
> service-policy global_policy global
>
>
>
> How do I verify that the dns rewrite is actually taking place? Is
> there something wrong with my config?
>
> --
> Regards,
> Eric Magutu
>
>
>
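Added example, not part of the original thread or any poster's code: a Python check that approaches the verification question from the client side by parsing a DNS reply and comparing its A records with the mapped and real addresses in the posted static statement. It assumes the reply bytes were captured on an inside host whose resolver is reached through the ASA; the function names, the sample name www.example.com and the constructed replies are hypothetical.

```python
import ipaddress
import struct

STATIC = "static (inside,outside) 209.165.201.15 10.1.1.6 netmask 255.255.255.255 dns"  # from the post

def parse_static(line):
    """Return (mapped_ip, real_ip, dns_keyword_present) from a pre-8.3 static statement."""
    tok = line.split()
    return tok[2], tok[3], "dns" in tok[4:]

def skip_name(msg, off):
    """Advance past a DNS name, honouring compression pointers (RFC 1035 section 4.1.4)."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:   # pointer: two bytes, and the name ends here
            return off + 2
        if n == 0:             # root label terminates the name
            return off + 1
        off += 1 + n

def a_records(msg):
    """Extract every IPv4 address from the answer section of a raw DNS reply."""
    qd, an = struct.unpack("!HH", msg[4:8])
    off = 12                                   # fixed DNS header length
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    out = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:          # A record
            out.append(str(ipaddress.IPv4Address(msg[off:off + 4])))
        off += rdlen
    return out

def verdict(static_line, reply):
    # "rewritten": the inside client was handed the real (private) address.
    mapped, real, _has_dns = parse_static(static_line)
    addrs = a_records(reply)
    if real in addrs:
        return "rewritten"
    return "not rewritten" if mapped in addrs else "unrelated"

def build_reply(name, ip):
    """Constructed sample reply: one question, one A answer using a compression pointer."""
    q = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00\x00\x01\x00\x01"
    ans = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + ipaddress.IPv4Address(ip).packed
    return struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + q + ans
```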