Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Cisco ASA inside to DMZ issue over public IP

Status
Not open for further replies.

sudhakar346

Technical User
May 14, 2016
1
IN
Hi All Seniors,

I have a strange issue in my DMZ,

My ASA is configured with 3 zones on 9.2 version

1. Indside (LAN)

2. OutSide

3. DMZ (where My Exchange box is Placed)

My user connected in the LAN with local DNS are reaching exchange over Private IP address, but users connected to Public DNS (customer requirement) are resolving to public ip address and machine from local lan is not able to reach the exchange over public ip (NAT) address from local lan

Can some please suggest what changes need to done on the ASA to reach the exchange over the public nat ip address from local lan for that customer subnet only, and rest of the lan need to be access from local DNS via private IP address

Thanks

Sudhakar
 
So your LAN-connected clients using public DNS are trying to hit your public IP address instead of the DMZ IP address like your private-DNS-using clients do?

Build a NAT rule to fix this:

nat (inside,dmz) source dynamic any interface destination static [PUBLIC_IP_OR_OBJECT] [DMZ_IP_OR_OBJECT]
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top