DNS query to internal DNS server from static NAT host
Forum Index -> comp.dcom.sys.cisco

Author: none (Guest)
Posted: Mon Apr 24, 2006 5:04 am    Post subject: DNS query to internal DNS server from static NAT host

I had my workstation set up on a static NAT address with the following ...

static (inside,outside) 1.2.3.4 10.16.61.247 netmask 255.255.255.255

and the following ACL applied to the outside interface ...

access-list outside_access_in extended permit tcp any host 1.2.3.4 eq 3389

under PIX 7.0 software - with this in place my workstation can't do a
DNS lookup using an internal DNS server.

What do I need to make this work? I have a very similar setup in PIX 6.3
working.

TIA
Author: Guest
Posted: Mon Apr 24, 2006 5:24 am    Post subject: Re: DNS query to internal DNS server from static NAT host

You weren't very clear here as to whether your workstation and DNS
server are on the Inside or Outside.
Also note that although there is an explicit PERMIT from a higher
security interface (Inside) to lower security (Outside), if you have
any ACL applied inbound on the Inside then that explicit PERMIT is
gone. You have to allow the DNS (UDP 53) in your ACL.
http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/config/intparam.htm#wp1043290

Steve Griffin
www.blueconsole.com (Bluetooth Wireless Console Cable)
Author: none (Guest)
Posted: Mon Apr 24, 2006 5:32 am    Post subject: Re: DNS query to internal DNS server from static NAT host

On Sun, 23 Apr 2006 18:24:09 -0700, info wrote:

Quote:
You weren't very clear here as to whether your workstation and DNS
server are on the Inside or Outside.

DNS and workstation are both inside - and a "permit ip any any" ACL is
applied in to the inside interface.
Author: none (Guest)
Posted: Mon Apr 24, 2006 5:47 am    Post subject: Re: DNS query to internal DNS server from static NAT host

On Sun, 23 Apr 2006 21:04:04 -0400, none wrote:


Quote:
I had my workstation set up on a static NAT address with the following ...

static (inside,outside) 1.2.3.4 10.16.61.247 netmask 255.255.255.255

and the following ACL applied to the outside interface ...

access-list outside_access_in extended permit tcp any host 1.2.3.4 eq 3389

under PIX 7.0 software - with this in place my workstation can't do a
DNS lookup using an internal DNS server.

What do I need to make this work? I have a very similar setup in PIX
6.3 working.

TIA

Found the fix ...

Needed this instead:

static (inside,outside) tcp 1.2.3.4 3389 10.16.61.247 3389 netmask 255.255.255.255

Thanks!
Author: rave (Guest)
Posted: Tue Apr 25, 2006 2:52 am    Post subject: Re: DNS query to internal DNS server from static NAT host

This cannot be the fix. What you are doing here is port redirection.
Earlier you were mapping a one-to-one IP.
This cannot be the fix; you are missing something here.
Author: none (Guest)
Posted: Tue Apr 25, 2006 7:11 am    Post subject: Re: DNS query to internal DNS server from static NAT host

On Mon, 24 Apr 2006 15:52:53 -0700, rave wrote:

Quote:
This cannot be the fix. What you are doing here is port redirection.
Earlier you were mapping a one-to-one IP. This cannot be the fix; you
are missing something here.

Thanks for making me think harder about why it worked ...

Yes, it resolved my problem, but I actually originally misdiagnosed the
problem: it looked like a DNS issue because that's the error I got back
from my browser (stupid Micro$oft browser!). Actually the DNS lookup was
working; it was the return of the web page to my desktop that was not
being allowed to come back, because the only inbound port open was
3389.

PAT is actually what I wanted to do. I'm not sure how I got the original
statement; I must have been half asleep while doing the configuration
yesterday.
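The configuration the thread converges on, written out as an added example rather than any poster's own config (only the two static lines and the outside ACL are from the thread): the port-level static from the "Found the fix" post beside the one-to-one static it replaced, the outside ACL, and, for Steve Griffin's point about ACLs applied inbound on the inside interface, an explicit DNS permit. It is PIX 7.0 syntax. The inside network 10.16.61.0/24, the dynamic PAT on the outside interface, and a DNS server at 192.0.2.53 reached through the firewall (not the poster's situation, where both hosts are inside and the lookup never crosses the PIX) are assumptions. The security point is exposure: a one-to-one static translates every port of the inside host, so its reachability from outside is bounded only by the outside ACL, while a port-level static bounds it in the translation as well.

```cisco
! Added example in PIX 7.0 syntax, not the thread's own configuration.
! 1.2.3.4 and 10.16.61.247 are the thread's addresses; the /24, the
! dynamic PAT and the DNS server 192.0.2.53 are assumed for illustration.

! Weak form from the first post: every port of the workstation is mapped.
!   static (inside,outside) 1.2.3.4 10.16.61.247 netmask 255.255.255.255

! Port-level static (static PAT): only TCP 3389 of the workstation is
! reachable on the public address, whatever the outside ACL later says.
static (inside,outside) tcp 1.2.3.4 3389 10.16.61.247 3389 netmask 255.255.255.255

! Everything else the inside network (workstation included) initiates
! outbound is translated by dynamic PAT on the outside interface address.
! Statics take precedence over nat/global for the ports they cover.
nat (inside) 1 10.16.61.0 255.255.255.0
global (outside) 1 interface

! Inbound on outside: only RDP to the translated address may start a
! connection. Replies to inside-initiated connections are matched against
! the connection table and do not need an ACL entry.
access-list outside_access_in extended permit tcp any host 1.2.3.4 eq 3389
access-group outside_access_in in interface outside

! Once an ACL is applied inbound on inside, the implicit permit from higher
! to lower security is gone, so DNS (UDP 53) to a server beyond the firewall
! must be allowed explicitly. Traffic between two hosts on the inside
! interface never reaches the PIX and is unaffected by this ACL.
access-list inside_access_in extended permit udp 10.16.61.0 255.255.255.0 host 192.0.2.53 eq domain
access-list inside_access_in extended permit tcp 10.16.61.0 255.255.255.0 any eq www
access-list inside_access_in extended permit tcp 10.16.61.0 255.255.255.0 any eq https
access-group inside_access_in in interface inside
```

If no `access-group` is applied on the inside interface, the `inside_access_in` lines are unnecessary and the higher-to-lower implicit permit covers outbound DNS on its own; the outside ACL and the choice of static are what decide the host's exposure in either case.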
All times are GMT

Copyright © 2002-2006 Web-S-Sense Pty. Ltd. All rights reserved.