
IP/Name Resolution issue...


TimParker
Dec 2, 2009, 2:20:28 PM

I just finally finished converting our offices over to using Cisco
hardware that we bought a few months back. (871 routers for the remote
offices and a 5505 for the main office).

I have it configured with an outside, inside and dmz interface. Our
company web server and external mail server naturally live in the DMZ
(192.168.18.x).

The problem is when we try and hit the website it can't seem to get
there. If I add entries in the hosts files on the PC with the internal
address it works fine. Normally, it would resolve to the external
address (204.210.x.y).

What type of rule do I need? I have tried putting one in both the DMZ
and inside rules sections to allow TCP-HTTP and TCP-HTTPS to the
server in question.

Robert Jacobs
Dec 2, 2009, 3:29:56 PM

Here's some basics - don't know if they'll work for you, as I don't
know what your config looks like, but maybe this will help a little.


interface Serial0/1
ip address 204.210.x.y 255.255.x.x
ip access-group 123 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect DEFAULT100 out
ip virtual-reassembly
encapsulation ppp
ip route-cache flow

ip nat inside source static 192.168.18.x 204.210.x.y route-map rmap_1
route-map rmap_1 permit 1

access-list 123 permit icmp any host 204.210.x.y echo
access-list 123 permit tcp any host 204.210.x.y eq www
access-list 123 permit tcp any host 204.210.x.y eq smtp
access-list 123 permit tcp any host 204.210.x.y eq 443
access-list 123 permit tcp any host 204.210.x.y eq pop3
access-list 123 permit tcp any host 204.210.x.y eq 143

We'd need to see a bit more of your config for additional help.
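The access-list 123 lines above are only useful if you can predict what they let through, including the implicit deny that ends every IOS ACL. The following is an added example, not code from this thread or from Cisco: a small parser for extended numbered ACL lines in the form Robert posted, plus an evaluator that walks the entries in order. The address 203.0.113.10 is a constructed stand-in for the masked 204.210.x.y, and the PORT_NAMES table is an assumed subset of the service names IOS accepts.

```python
"""Evaluate IOS-style extended ACL lines against sample flows.

Added illustration, not code from the thread or from Cisco: it parses
access-list lines in the form Robert posted and shows which inbound flows
they permit and which fall through to the implicit deny at the end of
every IOS ACL.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional

# Service names IOS accepts in place of port numbers (assumed subset).
PORT_NAMES = {"www": 80, "smtp": 25, "pop3": 110, "domain": 53, "ftp": 21}

# Constructed sample: 203.0.113.10 stands in for the masked 204.210.x.y.
ACL_TEXT = """
access-list 123 permit icmp any host 203.0.113.10 echo
access-list 123 permit tcp any host 203.0.113.10 eq www
access-list 123 permit tcp any host 203.0.113.10 eq smtp
access-list 123 permit tcp any host 203.0.113.10 eq 443
access-list 123 permit tcp any host 203.0.113.10 eq pop3
access-list 123 permit tcp any host 203.0.113.10 eq 143
"""


@dataclass
class Entry:
    action: str            # "permit" or "deny"
    proto: str             # "ip", "tcp", "udp" or "icmp"
    src: IPv4Network
    dst: IPv4Network
    dport: Optional[int]   # None: any port (ICMP types are not modelled)


def _parse_addr(tokens, i):
    """Parse 'any' | 'host A' | 'A WILDCARD' at tokens[i]; return (network, next index)."""
    if tokens[i] == "any":
        return ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ip_network(tokens[i + 1] + "/32"), i + 2
    # Invert the IOS wildcard explicitly: a wildcard of 0.0.0.0 means a single
    # host, which ipaddress would otherwise read as the /0 netmask.
    netmask = ".".join(str(255 - int(o)) for o in tokens[i + 1].split("."))
    return ip_network(f"{tokens[i]}/{netmask}", strict=False), i + 2


def parse_acl(text: str, number: str) -> List[Entry]:
    """Return the entries of access-list NUMBER in the order IOS evaluates them."""
    entries = []
    for line in text.strip().splitlines():
        t = line.split()
        if t[:2] != ["access-list", number]:
            continue
        action, proto = t[2], t[3]
        src, i = _parse_addr(t, 4)
        dst, i = _parse_addr(t, i)
        dport = None
        if i < len(t) and t[i] == "eq":
            dport = PORT_NAMES.get(t[i + 1]) or int(t[i + 1])
        entries.append(Entry(action, proto, src, dst, dport))
    return entries


def evaluate(entries, proto, src, dst, dport=None) -> str:
    """First matching entry wins; no match is the implicit deny."""
    s, d = ip_address(src), ip_address(dst)
    for e in entries:
        if e.proto != "ip" and e.proto != proto:
            continue
        if s not in e.src or d not in e.dst:
            continue
        if e.dport is not None and e.dport != dport:
            continue
        return e.action
    return "deny"


if __name__ == "__main__":
    acl = parse_acl(ACL_TEXT, "123")
    for port in (80, 443, 25, 22):
        print(port, evaluate(acl, "tcp", "198.51.100.7", "203.0.113.10", port))
```

Running it shows that 80, 443 and 25 are permitted to the server while 22 falls through to the implicit deny, which is the check you want before applying an ACL with `ip access-group ... in` on the outside interface.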

Morph
Dec 2, 2009, 4:57:59 PM

In the message
<feb48076-10ac-4e7e...@g31g2000vbr.googlegroups.com>
TimParker wrote:

If I understand correctly you are using a public DNS server and when you
try to access your website from inside of your network, the DNS name is
resolved to the public IP address and you cannot access the page?

If this is the case, then have a look at this (DNS Doctoring):
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968c8.shtml

TimParker
Dec 3, 2009, 6:45:25 AM

No, the DNS server is internal on our Network. Naturally, if it
doesn't find what it is looking for, it resolves off the internet root
servers (ISP, etc).

On Dec 2, 4:57 pm, Morph <morph.n...@g.m.a.i.l> wrote:
> In the message
> <feb48076-10ac-4e7e-8928-26109053b...@g31g2000vbr.googlegroups.com>

> If this is the case, then have a look at this (DNS Doctoring):http://www.cisco.com/en/US/products/ps6120/products_configuration_exa...

Morph
Dec 3, 2009, 8:47:29 AM

In the message
<a7e84a95-a905-49e2...@d20g2000yqh.googlegroups.com>
TimParker wrote:
Then just create an A record for your webserver that points to the
address in the DMZ. You should do that on your DNS server.

| No, the DNS server is internal on our Network. Naturally, if it
| doesn't find what it is looking for, it resolves off the internet root
| servers (ISP, etc).
|

TimParker
Dec 3, 2009, 9:47:35 AM

Thanks Morph. I think I got that working this morning since printing. I
added a "zone file" to the DNS server and gave it the internal IPs.
But now I have to figure out how to handle my remote VPN users. They hit
the same DNS servers. I think there must be something config-wise that I
have to add to the ASA5505. I just had a user call in that couldn't get
to the mail or web server. I had to manually add entries to the HOSTS
file with the external/routable IPs and it works for them.


On Dec 3, 8:47 am, Morph <morph.n...@g.m.a.i.l> wrote:
> In the message

> <a7e84a95-a905-49e2-b989-4fb7d2694...@d20g2000yqh.googlegroups.com>TimParker wrote:
>
> Then just create an A record for your webserver that points to the
> address in the DMZ. You should do that on your DNS server.
>
> | No, the DNS server is internal on our Network. Naturally, if it
> | doesn't find what it is looking for, it resolves off the internet root
> | servers (ISP, etc).
> |

Morph
Dec 3, 2009, 3:28:20 PM

In the message
<19a6a368-e6b8-4b1f...@v19g2000vbk.googlegroups.com>
TimParker wrote:

Take a look at the access lists. Are your VPN clients allowed to connect
to the dmz server? See the logs on the ASA to see why the connections
from the VPN clients to the server in DMZ are not working.

Do they have to use the inside DNS server? You can set them up with an
outside DNS and then you won't be having the problem you have.
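The thread's two failure modes are the same mismatch seen from different sides: the DNS answer a client receives is not an address the firewall lets that client reach. Before the zone file, inside hosts got the public address and could not reach it; after it, VPN clients got the DMZ address and could not reach that. Morph's two suggestions are the two ways to realign answer and policy. The following is an added model of that, not code from this thread or from any Cisco or DNS product: `resolve` plays a DNS server with views, `reachable` plays the ASA policy as permitted (source, destination) network pairs, and `audit` shows which combinations fail. Only 192.168.18.0/24 is from the thread; the LAN, VPN pool, public range and host names are constructed.

```python
"""Split-horizon DNS answers versus firewall reachability, as a small model.

Added illustration, not code from the thread or from any Cisco or DNS
product. 192.168.18.0/24 is the DMZ from the thread; every other address,
network and host name below is a constructed stand-in.
"""
from ipaddress import ip_address, ip_network

# name -> (address in the DMZ, public NAT address)   [constructed]
ZONE = {
    "www.example.test":  ("192.168.18.20", "203.0.113.20"),
    "mail.example.test": ("192.168.18.21", "203.0.113.21"),
}
LAN      = ip_network("192.168.10.0/24")   # assumed inside network
DMZ      = ip_network("192.168.18.0/24")   # from the thread
VPN_POOL = ip_network("10.99.0.0/24")      # assumed remote-access pool
PUBLIC   = ip_network("203.0.113.0/24")    # assumed public range
ANY      = ip_network("0.0.0.0/0")


def resolve(name, client_ip, views):
    """Answer like a DNS server with views: the first view containing the client wins."""
    ip = ip_address(client_ip)
    for net, kind in views:
        if ip in net:
            dmz_addr, public_addr = ZONE[name]
            return dmz_addr if kind == "dmz" else public_addr
    raise LookupError(f"no view matches {client_ip}")


def reachable(client_ip, target_ip, allowed):
    """Model the ASA policy as permitted (source network, destination network) pairs."""
    s, d = ip_address(client_ip), ip_address(target_ip)
    return any(s in src and d in dst for src, dst in allowed)


def audit(views, allowed, clients):
    """For every client/name pair: (answer handed out, whether the client can reach it)."""
    result = {}
    for c in clients:
        for n in ZONE:
            answer = resolve(n, c, views)
            result[(c, n)] = (answer, reachable(c, answer, allowed))
    return result


# Policy as the thread describes it: the LAN may reach the DMZ, VPN clients
# reach the public addresses (the HOSTS-file workaround proved that), but
# the LAN cannot hairpin to the public address and the VPN pool is not
# permitted into the DMZ.
ALLOWED_BASE = [(LAN, DMZ), (VPN_POOL, PUBLIC)]

VIEWS_ORIGINAL = [(ANY, "public")]               # before the zone file
VIEWS_ZONEFILE = [(ANY, "dmz")]                  # after Tim's zone file
VIEWS_SPLIT    = [(LAN, "dmz"), (ANY, "public")] # Morph: VPN users get outside answers
ALLOWED_VPN_TO_DMZ = ALLOWED_BASE + [(VPN_POOL, DMZ)]  # Morph: fix the ACLs instead

if __name__ == "__main__":
    clients = ["192.168.10.5", "10.99.0.7"]
    scenarios = [("original", VIEWS_ORIGINAL, ALLOWED_BASE),
                 ("zone file", VIEWS_ZONEFILE, ALLOWED_BASE),
                 ("fix: permit VPN->DMZ", VIEWS_ZONEFILE, ALLOWED_VPN_TO_DMZ),
                 ("fix: split views", VIEWS_SPLIT, ALLOWED_BASE)]
    for label, views, allowed in scenarios:
        for key, val in audit(views, allowed, clients).items():
            print(f"{label:22} {key[0]:14} {key[1]:18} -> {val[0]:14} reachable={val[1]}")
```

Either fix makes every row reachable; which one to pick is a policy question. Permitting the pool into the DMZ widens what a compromised VPN endpoint can touch, so the split-view answer (or an outside resolver for VPN users) keeps the DMZ exposure unchanged while still fixing the symptom.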
