Cisco ASA 5505 Configuration Manual page 788

Chapter 37: Configuring Inspection of Basic Internet Protocols
DNS Inspection

[Figure 37-2: DNS Rewrite with Three NAT Zones. Figure labels: Outside side: DNS server 99.99.99.2; Inside side: web client 10.10.10.25, 10.10.10.1; DMZ side: web server 192.168.100.10, 192.168.100.1; security appliance in the middle; DNS record shown: server.example.com IN A 209.165.200.5]

In Figure 37-2, a web server, server.example.com, has the real address 192.168.100.10 on the DMZ interface of the adaptive security appliance. A web client with the IP address 10.10.10.25 is on the inside interface and a public DNS server is on the outside interface. The site NAT policies are as follows:

- The outside DNS server holds the authoritative address record for server.example.com.
- Hosts on the outside network can contact the web server with the domain name server.example.com through the outside DNS server or with the IP address 209.165.200.5.
- Clients on the inside network can access the web server with the domain name server.example.com through the outside DNS server or with the IP address 192.168.100.10.

When a host or client on any interface accesses the DMZ web server, it queries the public DNS server for the A-record of server.example.com. The DNS server returns the A-record showing that server.example.com binds to address 209.165.200.5.

When a web client on the outside network attempts to access http://server.example.com, the sequence of events is as follows:

1. The host running the web client sends the DNS server a request for the IP address of server.example.com.
2. The DNS server responds with the IP address 209.165.200.225 in the reply.
3. The web client sends its HTTP request to 209.165.200.225.
4. The packet from the outside host reaches the adaptive security appliance at the outside interface.
5. The static rule translates the address 209.165.200.225 to 192.168.100.10 and the adaptive security appliance directs the packet to the web server on the DMZ.

When a web client on the inside network attempts to access http://server.example.com, the sequence of events is as follows:

1. The host running the web client sends the DNS server a request for the IP address of server.example.com.
2. The DNS server responds with the IP address 209.165.200.225 in the reply.

Cisco ASA 5500 Series Configuration Guide using ASDM, OL-20339-01, page 37-4
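The DNS rewrite that the static rule performs on the A record, as an added Python model (not Cisco's code and not from this manual): it builds a constructed DNS reply for server.example.com and applies the mapped-to-real substitution in the answer RDATA the way DNS inspection does, leaving the reply unchanged for a client on the mapped (outside) interface. The decision rule (rewrite whenever the client is not on the mapped interface, so DMZ clients are treated like inside clients) and the "dns" flag field in NAT_RULES are simplifying assumptions that go beyond what the page states.

```python
import ipaddress
import struct

# Static NAT rule from the figure: real DMZ address <-> mapped outside address, DNS rewrite on.
NAT_RULES = [{"real": "192.168.100.10", "mapped": "209.165.200.225",
              "mapped_ifc": "outside", "dns": True}]

def build_a_reply(name, addr, txid=0x1234):
    """Constructed sample: minimal DNS response with one question and one A answer."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR=1, RD, RA, 1 qd, 1 an
    question = qname + struct.pack("!HH", 1, 1)                 # QTYPE A, QCLASS IN
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)   # name ptr, A, IN, TTL, RDLEN
    return header + question + answer + ipaddress.ip_address(addr).packed

def skip_name(msg, off):
    """Return the offset just past a domain name (handles a compression pointer)."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += msg[off] + 1
    return off + 1

def a_record_offsets(msg):
    """Yield the RDATA offset of every A record in the answer section."""
    qd, an = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4                           # skip QTYPE/QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            yield off
        off += rdlen

def answer_addrs(msg):
    return [str(ipaddress.ip_address(msg[o:o + 4])) for o in a_record_offsets(msg)]

def inspect_reply(msg, client_ifc, rules=NAT_RULES):
    """Rewrite mapped->real for clients off the mapped interface (simplified rule; assumption)."""
    out = bytearray(msg)
    for off in a_record_offsets(msg):
        addr = str(ipaddress.ip_address(msg[off:off + 4]))
        for r in rules:
            if r["dns"] and addr == r["mapped"] and client_ifc != r["mapped_ifc"]:
                out[off:off + 4] = ipaddress.ip_address(r["real"]).packed
    return bytes(out)
```

Running `answer_addrs(inspect_reply(build_a_reply("server.example.com", "209.165.200.225"), "inside"))` yields the real address, while the same call with "outside" leaves 209.165.200.225 for the static rule to translate on the data packet.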