Cisco ASA 5505 Configuration Manual page 520

Asa 5500 series

DNS and NAT
When an inside host sends a DNS request for the address of ftp.cisco.com, the DNS server replies with
the mapped address (209.165.201.10). The adaptive security appliance refers to the static rule for the
inside server and translates the address inside the DNS reply to 10.1.3.14. If you do not enable DNS reply
modification, then the inside host attempts to send traffic to 209.165.201.10 instead of accessing
ftp.cisco.com directly.
Figure 26-18 DNS Reply Modification

[Figure: the DNS server is on the Outside interface of the security appliance; the user and ftp.cisco.com (10.1.3.14) are on the Inside interface; static translation on Outside to 209.165.201.10. Steps: 1. DNS Query (ftp.cisco.com?); 2. DNS Reply (209.165.201.10); 3. DNS Reply Modification (209.165.201.10 to 10.1.3.14); 4. DNS Reply (10.1.3.14); 5. FTP Request (10.1.3.14).]

Note: If a user on a different network (for example, DMZ) also requests the IP address for ftp.cisco.com from the outside DNS server, then the IP address in the DNS reply is also modified for this user, even though the user is not on the Inside interface referenced by the static rule.

Cisco ASA 5500 Series Configuration Guide using ASDM
26-22
Chapter 26
Information About NAT
OL-20339-01
