Hi Eric,

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968c8.shtml#problem

A simple nslookup will do the trick. Are you by any chance using the internal DNS 
server? The ASA needs to inspect the DNS query response message in order to rewrite 
the address field with the internal IP address value (10.1.1.6 in this case).

HTH,
Andrew

On Apr 29, 2010, at 11:45 PM, Eric Magutu wrote:

> Hi,
> Apologies for the cross posting.
> 
> I have a problem with a NAT on my network. A private IP has been NATed
> to a public IP on my network. The public IP can't be reached from
> within my network but it can from outside. I have tried to implement
> DNS doctoring with no success.
> This is what I have added to my config:
> 
> 
> static (inside,outside) 209.165.201.15 10.1.1.6 netmask 255.255.255.255 dns
> 
> policy-map type inspect dns preset_dns_map
>  parameters
>   message-length maximum 2048
> policy-map global_policy
>  class inspection_default
>   inspect ftp
>   inspect h323 h225
>   inspect h323 ras
>   inspect rsh
>   inspect rtsp
>   inspect esmtp
>   inspect sqlnet
>   inspect skinny
>   inspect sunrpc
>   inspect xdmcp
>   inspect sip
>   inspect netbios
>   inspect tftp
>   inspect http
>   inspect icmp
>   inspect dns preset_dns_map
> !
> service-policy global_policy global
> 
> 
> 
> How do I verify that the dns rewrite is actually taking place? Is
> there something wrong with my config?
> 
> -- 
> Regards,
> Eric Magutu
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 

