On Fri, 17 Jul 2009, Clue Store wrote:

Hi All,

I'm trying to do DNS doctoring on an ASA and for specific reasons I need to
map several different (public) outside IPs to the one inside IP as shown
below.

static (inside,outside) 208.x.x.25 192.168.100.10 netmask 255.255.255.255 dns
static (inside,outside) 208.x.x.26 192.168.100.10 netmask 255.255.255.255 dns

With "static (inside,outside) AddrPublic AddrPrivate netmask 255.255.255.255 dns" in the config, you're saying:

1) when anyone tries to talk to AddrPublic from the outside, they will get to AddrPrivate on the inside
2) when AddrPrivate tries to talk to anyone on the outside, it will be seen there as AddrPublic
3) a DNS response containing AddrPrivate or AddrPublic, depending on where it is arriving, will have this address translated accordingly (so a DNS server on the outside replying AddrPublic to someone on the inside will have it translated to AddrPrivate, and an inside DNS server which replies AddrPrivate to the outside will have it translated to AddrPublic).

Item (3) is what the "dns" keyword turns on when it is present.

The symmetry of the behaviour prevents the 'many to one' behaviour that you are looking for, because it would then run into a conflict or unpredictability when going outbound.

The simplest way around it is to grab a few secondary RFC 1918 addresses, assign them to the host, and do the mapping between those and the public addresses.

For your /27 case, having 30 secondaries does not look terribly exciting, but assuming the host can survive that, it should do the trick.

cheers,
andrew
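As an added illustration (not part of the thread, and not ASA code), here is a small Python model of the three behaviours Andrew lists for "static ... dns": it shows why a second public address for the same inside address is rejected by a symmetric mapping, and how one secondary inside address per public address (the workaround above) restores a clean one-to-one translation. The addresses are constructed; 203.0.113.x stands in for the 208.x.x.x block in the question.

```python
# Model of bidirectional static NAT plus DNS answer rewriting, as described in
# the reply above. Addresses are constructed examples, not from the thread.
class NatTable:
    def __init__(self):
        self.pub_to_priv = {}
        self.priv_to_pub = {}

    def add_static(self, public, private):
        # The mapping is symmetric, so an inside address may appear only once:
        # a second public for the same host would make outbound (private -> public)
        # translation ambiguous, which is the conflict Andrew refers to.
        if private in self.priv_to_pub and self.priv_to_pub[private] != public:
            raise ValueError(f"{private} already mapped to {self.priv_to_pub[private]}")
        self.pub_to_priv[public] = private
        self.priv_to_pub[private] = public

    def inbound(self, dst):
        """(1) outside host talks to AddrPublic and reaches AddrPrivate."""
        return self.pub_to_priv.get(dst, dst)

    def outbound(self, src):
        """(2) inside host talks out and is seen as AddrPublic."""
        return self.priv_to_pub.get(src, src)

    def doctor_dns(self, answer, arriving_from):
        """(3) rewrite an A-record answer depending on the side it arrives on."""
        if arriving_from == "outside":  # outside DNS answered an inside client
            return self.pub_to_priv.get(answer, answer)
        return self.priv_to_pub.get(answer, answer)  # inside DNS answered outside


def many_to_one_conflict():
    """The configuration from the question: two publics for one inside IP."""
    nat = NatTable()
    nat.add_static("203.0.113.25", "192.168.100.10")
    try:
        nat.add_static("203.0.113.26", "192.168.100.10")
        return False
    except ValueError:
        return True


def secondary_address_workaround():
    """Andrew's suggestion: one secondary inside address per public address."""
    nat = NatTable()
    nat.add_static("203.0.113.25", "192.168.100.10")
    nat.add_static("203.0.113.26", "192.168.100.11")  # secondary on the same host
    return nat
```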

_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
