Cisco ASA inside to DMZ issue over public IP

[sudhakar346]

Hi All Seniors,

I have a strange issue in my DMZ,

My ASA is configured with 3 zones on 9.2 version

1. Indside (LAN)

2. OutSide

3. DMZ (where My Exchange box is Placed)

My user connected in the LAN with local DNS are reaching exchange over Private IP address, but users connected to Public DNS (customer requirement) are resolving to public ip address and machine from local lan is not able to reach the exchange over public ip (NAT) address from local lan

Can some please suggest what changes need to done on the ASA to reach the exchange over the public nat ip address from local lan for that customer subnet only, and rest of the lan need to be access from local DNS via private IP address

Thanks

Sudhakar

 

[iggsterman]

Look at "DNS rewrite" option for NAT

 

[kythri]

So your LAN-connected clients using public DNS are trying to hit your public IP address instead of the DMZ IP address like your private-DNS-using clients do?

Build a NAT rule to fix this:

nat (inside,dmz) source dynamic any interface destination static [PUBLIC_IP_OR_OBJECT] [DMZ_IP_OR_OBJECT]