INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Jobs

Cisco ASA inside to DMZ issue over public IP

Cisco ASA inside to DMZ issue over public IP

(OP)
Hi All Seniors,

I have a strange issue in my DMZ,

My ASA is configured with 3 zones on 9.2 version

1. Indside (LAN)

2. OutSide

3. DMZ (where My Exchange box is Placed)

My user connected in the LAN with local DNS are reaching exchange over Private IP address, but users connected to Public DNS (customer requirement) are resolving to public ip address and machine from local lan is not able to reach the exchange over public ip (NAT) address from local lan

Can some please suggest what changes need to done on the ASA to reach the exchange over the public nat ip address from local lan for that customer subnet only, and rest of the lan need to be access from local DNS via private IP address

Thanks

Sudhakar

RE: Cisco ASA inside to DMZ issue over public IP

Look at "DNS rewrite" option for NAT

RE: Cisco ASA inside to DMZ issue over public IP

So your LAN-connected clients using public DNS are trying to hit your public IP address instead of the DMZ IP address like your private-DNS-using clients do?

Build a NAT rule to fix this:

nat (inside,dmz) source dynamic any interface destination static [PUBLIC_IP_OR_OBJECT] [DMZ_IP_OR_OBJECT]

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Resources

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close