Posted by Scott Perry on June 26, 2008, 4:12 pm
The problem is that you have inside hosts which are trying to communicate
with the outside IP address of the firewall. It will not work based on the
security concepts of the firewall.

I bet that if you performed a DNS lookup by itself, such as using the
Windows "nslookup" command, then you will find that the DNS lookup is
successful. Then try to PING the outside IP address of your Cisco ASA
firewall by specifying the PING command by IP address, not name. It will
fail.

I suggest that you place an entry in the HOSTS file of your inside PCs so
that the FQDN (fully qualified domain name) which you are trying to reach is
really pointed to the inside IP address of that server.
-----
Scott Perry
Indianapolis, IN
-----
> I have some ports forwarded to the outside interface on my ASA 5505.
> Here is an example:
>
> static (inside,outside) tcp interface pop3 192.168.1.2 pop3 netmask 255.255.255.255
>
> I want internal hosts to be able to connect to 191.168.1.2 by using
> DNS. I do not have a DNS server inside, so the hosts would have to
> use public DNS.
>
> In the Cisco Security Appliance Command Line Configuration Guide I
> found something called DNS Reply Modification. I tried it:
>
> static (inside,outside) x.x.x.x 192.168.1.2 netmask 255.255.255.255 dns
> (Where x.x.x.x is my outside ip address)
>
> but got some sort of conflict:
>
> WARNING: real-address conflict with existing static
> TCP inside:192.168.1.2/110 to outside:0.0.0.0/110 netmask 255.255.255.255
>
> I only have one public ip address, which is why I had to use port
> forwarding. Perhaps that's the problem.
>
> Is there any way to accomplish this?
>
> Thanks
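
Added example, not part of the original posts: a Python sketch of the HOSTS-file workaround suggested in the reply, which reads the inside server address from the static PAT line quoted in the thread and rewrites a hosts file so the name resolves to it. The FQDN `mail.example.com`, the stale address `203.0.113.10` and the function names are assumptions made for illustration.

```python
import re

# ASA static PAT line in the syntax quoted in the thread, e.g.
#   static (inside,outside) tcp interface pop3 192.168.1.2 pop3 netmask 255.255.255.255
STATIC_PAT = re.compile(
    r"^static\s+\((?P<real_if>\w+),(?P<mapped_if>\w+)\)\s+(?:tcp|udp)\s+"
    r"\S+\s+\S+\s+(?P<real_ip>\d+\.\d+\.\d+\.\d+)\s+\S+",
    re.MULTILINE,
)

def inside_servers(asa_config):
    """Real (inside) IPs that the ASA port-forwards from another interface."""
    return sorted({m["real_ip"] for m in STATIC_PAT.finditer(asa_config)
                   if m["real_if"] == "inside"})

def set_hosts_entry(hosts_text, fqdn, ip):
    """Return hosts text where fqdn maps only to ip; other names and comments stay."""
    wanted = fqdn.lower()
    out = []
    for line in hosts_text.splitlines():
        body, sep, comment = line.partition("#")
        fields = body.split()
        if len(fields) >= 2 and wanted in (n.lower() for n in fields[1:]):
            names = [n for n in fields[1:] if n.lower() != wanted]
            if not names:
                continue  # the line held only the old mapping: drop it
            line = " ".join([fields[0]] + names) + (" #" + comment if sep else "")
        out.append(line)
    out.append(f"{ip} {fqdn}")
    return "\n".join(out) + "\n"

# Constructed sample input: the static line from the thread, a placeholder FQDN,
# and a hosts file that still carries a stale mapping to a documentation address.
SAMPLE_CONFIG = "static (inside,outside) tcp interface pop3 192.168.1.2 pop3 netmask 255.255.255.255\n"
SAMPLE_HOSTS = "127.0.0.1 localhost\n203.0.113.10 mail.example.com www.example.com # old\n"

if __name__ == "__main__":
    server = inside_servers(SAMPLE_CONFIG)[0]
    # On Windows the file to update is %SystemRoot%\System32\drivers\etc\hosts
    print(set_hosts_entry(SAMPLE_HOSTS, "mail.example.com", server), end="")
```

A hosts entry is per machine and static: a laptop carrying it will fail to reach the server from outside the LAN, and every PC needs updating if the server's inside address changes.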