ASA - NAT

Hi Guys

 

I am having a bit of an issue with a Cisco ASA firewall running 9.1(2). This is the first time I have used this later code, so sorry if the answer is obvious.

I have set up the WLAN so that it uses one of the DMZ interfaces; the clients are using Google DNS servers. I have an Exchange mail server that is using OWA that's located on the inside. Users on the DMZ can't access it. I assume it's because when the Google DNS is resolving the OWA address it's resolving it to the outside interface of the firewall. Would this be correct? Is it just the case that I need to set up hairpinning/u-turning (not too sure how this is done) to resolve this problem? I have tried to use DNS doctoring but couldn't get this to work.

I also have another problem on the same device with the SSL VPN (AnyConnect). I can connect to it and I get an IP address from the VPN pool, but I can't ping/connect to any other device on the network. Is this also a NATing issue, or related to the above problem?

Any help would be appreciated.

Thanks

Paul


Comments









  • I would use dns rewrite

    http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/115753-dns-doctoring-asa-config.html



    In regards to the VPN I would check twice NAT or maybe sys opt connect permit VPN is turned off. Can you post the config?





    , 2014, at 9:25 PM, "PaulBT" <[email protected]> wrote:







    Hi Guys

     

    I am having a bit of an issue with a Cisco ASA firewall running 9.1(2). This is the first time I have used this later code, so sorry if the answer is obvious.

    I have set up the WLAN so that it uses one of the DMZ interfaces; the clients are using Google DNS servers. I have an Exchange mail server that is using OWA that's located on the inside. Users on the DMZ can't access it. I assume it's because when the Google DNS is resolving the OWA address it's resolving it to the outside interface of the firewall. Would this be correct? Is it just the case that I need to set up hairpinning/u-turning (not too sure how this is done) to resolve this problem? I have tried to use DNS doctoring but couldn't get this to work.

    I also have another problem on the same device with the SSL VPN (AnyConnect). I can connect to it and I get an IP address from the VPN pool, but I can't ping/connect to any other device on the network. Is this also a NATing issue, or related to the above problem?

    Any help would be appreciated.

    Thanks

    Pau














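The two suggestions in the comment above (DNS rewrite on the static NAT, and twice NAT plus the sysopt setting for the VPN pool), written out as an added ASA 9.x configuration sketch that is not taken from the thread or from the poster's firewall. Every object name, address and subnet below is a placeholder: inside 192.168.10.0/24, OWA server 192.168.10.20, public OWA address 203.0.113.20, AnyConnect pool 192.168.50.0/24.

```cisco
! Added example. All names, addresses and subnets are placeholders.

! --- OWA from the DMZ: DNS rewrite ("dns" keyword) on the static NAT ---
! The "dns" keyword makes the ASA rewrite the A record in DNS replies that
! match this rule, so clients behind the firewall receive the real address
! instead of the mapped (public) one.
object network OWA-SERVER
 host 192.168.10.20
 nat (inside,outside) static 203.0.113.20 dns

! DNS rewrite only happens when DNS inspection is enabled. This is the
! default global policy; check it has not been removed.
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map

! After the rewrite, DMZ clients connect to 192.168.10.20 directly, so the
! DMZ interface policy must still permit them to reach the server on
! TCP/443. Permit only that host and port, not the whole inside network.

! --- AnyConnect pool cannot reach inside hosts: NAT exemption (twice NAT) ---
object network INSIDE-NET
 subnet 192.168.10.0 255.255.255.0
object network VPN-POOL
 subnet 192.168.50.0 255.255.255.0

! Identity twice NAT: inside <-> VPN pool traffic is left untranslated.
! As a manual (section 1) rule it is evaluated before object NAT, so a
! dynamic PAT rule for the inside network does not catch the return traffic.
nat (inside,outside) source static INSIDE-NET INSIDE-NET destination static VPN-POOL VPN-POOL no-proxy-arp route-lookup

! Default setting: decrypted VPN traffic bypasses interface ACLs. If it was
! turned off ("no sysopt connection permit-vpn"), either restore it or add
! explicit outside ACL entries for the pool.
sysopt connection permit-vpn

! --- Checks (exec mode) ---
! show running-config all sysopt
! show nat detail
! packet-tracer input inside icmp 192.168.10.20 8 0 192.168.50.10 detailed
```

In `show nat detail`, the exemption rule should appear in section 1 with hit counters that increase while a VPN client pings an inside host.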