redirect dns on ASA 5505 to my ISP

Hi,

I have a LAN with static configured IP telephones. All the telephones 
are configured in this way:
IP: 192.168.2.101 (to 110)
GW: 192.168.2.1
DNS 192.168.2.1

At the moment I cannot change the DNS (and other ting on the telephones).

The old firewall (a linksys) have IP: 192.168.2.1 and is the gateway to 
the Internet. All computers receive an IP from the dhcp server (Linksys 
192.168.2.1) and two DNS IP�s from my ISP.

All telephones uses 192.168.2.1 as the DNS and it works because it 
redirects to the ISP DNS.

Now I want to use a Cisco ASA 5505 instead of the Linksys. But it does 
not redirect DNS requests to my ISP like the old one.
How can I configure that?

Best regards
Martin
0
Martion
12/9/2008 8:18:46 PM
comp.dcom.sys.cisco 25295 articles. 0 followers. Post Follow

5 Replies
899 Views

Similar Articles

[PageSpeed] 8
* Martion wrote:
> Now I want to use a Cisco ASA 5505 instead of the Linksys. But it does 
> not redirect DNS requests to my ISP like the old one.
> How can I configure that?

static (outside,inside) udp 192.168.2.1 53 dns 53
static (outside,inside) tcp 192.168.2.1 53 dns 53

Yes. Static and nat are not limited by the security-level direction anymore.
0
Lutz
12/9/2008 10:52:00 PM
Lutz Donnerhacke skrev:
> * Martion wrote:
>> Now I want to use a Cisco ASA 5505 instead of the Linksys. But it does 
>> not redirect DNS requests to my ISP like the old one.
>> How can I configure that?
> 
> static (outside,inside) udp 192.168.2.1 53 dns 53
> static (outside,inside) tcp 192.168.2.1 53 dns 53
> 
> Yes. Static and nat are not limited by the security-level direction anymore.

I get a wrong hostname regarding "dns" in this command...

Best regards
Martin
0
Martin
12/10/2008 7:48:23 AM
* Martin wrote:
> Lutz Donnerhacke skrev:
>> * Martion wrote:
>>> Now I want to use a Cisco ASA 5505 instead of the Linksys. But it does 
>>> not redirect DNS requests to my ISP like the old one.
>>> How can I configure that?
>> 
>> static (outside,inside) udp 192.168.2.1 53 dns 53
>> static (outside,inside) tcp 192.168.2.1 53 dns 53
>> 
>> Yes. Static and nat are not limited by the security-level direction anymore.
>
> I get a wrong hostname regarding "dns" in this command...

Of course. Please read the documentation of this command, then you will know
how to transform newsgroups examples into real world configurations.
0
Lutz
12/10/2008 9:03:01 AM
Martin wrote:
> I get a wrong hostname regarding "dns" in this command...

Replace keyword "dns" with ISP dns ip address.

Wieslaw
0
Wwieslaw
12/10/2008 12:30:53 PM
Wwieslaw skrev:
> Martin wrote:
>> I get a wrong hostname regarding "dns" in this command...
> 
> Replace keyword "dns" with ISP dns ip address.
> 
> Wieslaw

Hi Wieslaw,

Thank you for your aswnser.

But still when using the ASA's IP as DNS on the clients, they can not 
resolve names to ip's.

I do not have any outgoing access-lists but do I need to configure 
something else?

Best regards
Martin
0
Martion
12/11/2008 8:32:14 PM
Reply:
Similar Artilces:

[OT]Re: ISP's that block port 80
[OT, replies redirected] Barry Margolin <barmar@alum.mit.edu> writes: > In article <dju8b5$1kt$1@sf1.isc.org>, "Jeff" <jeep@rahul.net> wrote: > > My point is, I realize bind is targetted for IP's, not ports, > > however, it sure would be a nice addition to the RFC specs and > > bind itself to add port numbers (somehow) as part of this service > > and bypass companies raking in bucks just to have a small webserver > > at your house. > You seem to be confusing bind with the DNS protocol. > Anyway, the DNS spec ...

Multicast DNS and .local
Is there any specific reason why .local is used in draft-cheshire-dnsext-multicastdns instead of (for example) ..local.arpa, which is far less prone to accidental collisions? -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: <http://ops.ietf.org/lists/namedroppers/> ...

551 redirect
Hello. I need set redirecting for some users. I attempt to describe it via virtusertable: a_s_y1@test.dom error:5.1.1:551 User has moved\; please try \<a_s_y@sama.ru\> a_s_y2@test.dom error:551 User has moved\; please try \<a_s_y@sama.ru\> The result: rcpt to:<a_s_y1@test.dom> 551 5.1.1 User has moved; please try <a_s_y@sama.ru> rcpt to:<a_s_y2@test.dom> 553 5.3.0 <a_s_y2@test.dom>... User has moved; please try <a_s_y@sama.ru> Why in the second case the answer 553 with D.S.N. ? And one more question. Can Sendmail use 551 data f...

Redirection if a condition is met
I know this topic has been discussed a few times here and also on php.net, but I cannot find an answer to my specific problem. I check to see if a user is logged in before serving admin.php like so: <?php session_start(); if (!isset($_SERVER['username']) or !isset($_SERVER['password'])) { header("location:http://linux-place.com"); exit; } ?> These are the very first lines in the file. It works perfectly. The problem is that I would like to output a message like "Please login first before accessing the administration panel". How can I do t...

DNS cache
Hi all, Is there a command equivelant to "ipconfig /flushdns" in Windows ? Does Solaris 8 store dnsqueries in a cache ? Thank You very much Best Regards NS ns wrote: > Does Solaris 8 store dnsqueries in a cache ? man nscd Thanks a lot Oscar. Best Regards NS "Oscar del Rio" <delrio@mie.utoronto.ca> a �crit dans le message de news:d3douj$h7u$1@news.mie... > ns wrote: > > > Does Solaris 8 store dnsqueries in a cache ? > > man nscd ...

Re: pharming.. dns cache insertion... #3
> brad, > > doh! hence the question!!!!! > > i got to thinking about this after your 1st email... my basic question was, > is there a list/compilation of valid IP addresses, taking into account that > the list is completely dynamic.. has anyone tried to compile such a list? > how the hell would you even do it? http://www.cymru.com/Bogons/ > my understanding of DNS, and the ancillary issues is quite limited, as i've > never really had to immerse myself into it... > > but i'm curious... > > thanks for your help/replies.....

File redirection
Hi, I want to read a number from a file, increment this number and write back to the file. Want to do this in a script using /usr/bin/sh. Trying to do something like this but it fails. BUILDNUM=$<buildnumber.cfg let BUILDNUM=$BUILDNUM+1 echo $BUILDNUM > buildnumber.cfg Any help. Enda Enda Mannioooo wrote: > I want to read a number from a file, increment this number and write > back to the file. > Want to do this in a script using /usr/bin/sh. Sounds reasonable. > Trying to do something like this but it fails. > BUILDNUM=$<buildnumber.cfg I don't think the $...

starship.python.net DNS problems
There seems to be some kind of problem with Starship's DNS. Until it's fixed, please use the direct IP of 217.160.219.194 -- Aahz (aahz@pythoncraft.com) <*> http://www.pythoncraft.com/ "It is easier to optimize correct code than to correct optimized code." --Bill Harlan Aahz wrote: > There seems to be some kind of problem with Starship's DNS. Until it's > fixed, please use the direct IP of 217.160.219.194 A handy way to fix this is to add this line to your /etc/hosts or %windir%\system32\drivers\etc\hosts file: 217.160.219.194 sta...

Print queue redirection
Anyone done any print queue redirection? I want a way to send all the current and future print jobs of a 'getting fixed printer' to another print queue. My print queues are set up as Network print servers (Jet Direct, etc) There is a /var/spool/lpd/pio/@local/ddi diretory with my queues names in it. I checked recent posts about print redirection. The only I found was from 1995! But this referred to /var/spool/lpd/qdir files. My directory did not have any files in it. I suspect there is not an official IBM way to do this, but perhaps someone has cookbook on how to do it non-IBM. M...

JS URL Sniffer Redirect #2
JS URL Sniffer Redirect I have a need to write a JS that sniffs URL's being click and if a specific one is clicked to redirect it to another. Anyone have any knowledge if this is possible? Rk ...

redirecting standard error
I use popen in C++ to grab the standard output from Unix commands. Is there a similarly simple and fast way to grab standard error as well? I understand Python has different popen commands for different streams, but don't know about C++. Thanks Rob Z wrote: > I use popen in C++ to grab the standard output from Unix commands. Is > there a similarly simple and fast way to grab standard error as well? > I understand Python has different popen commands for different > streams, but don't know about C++. C++ doesn't have popen. It's your OS (UNIX) that does. And ...

Redirecting IO from C++ native library
Wondering if there is any way to redirect the IO from a library loaded with System.loadLibrary()? The library is written in C++. Thanks, josef Josef Svitak wrote: > Wondering if there is any way to redirect the IO from a library loaded > with System.loadLibrary()? The library is written in C++. Have you tried the obvious: * create a new DLL/SO * have your Java code: - call the new DLL/SO and redirect stdout - call the real DLL/SO - call the new DLL/SO and reenable stdout ? Arne Josef Svitak wrote: > Wondering if there is any way to redirect the IO fr...

pix501, port redirecting, aliases
Hello ---publicIP--pix501----LAN (192.168.1.x) I want to put VoIP Gateway into LAN, but with IP addres 10.10.10.111. 1. Is it posibble with pix501 to have 2 networks on LAN ? alias command ? 2. I have to redirect some ports to this gateway (eg. UDP 16384) - how to do this in this case ? regards jarcar <jarcar@gazeta.pl> wrote: > Hello > > ---publicIP--pix501----LAN (192.168.1.x) > > I want to put VoIP Gateway into LAN, but with IP addres 10.10.10.111. > > 1. Is it posibble with pix501 to have 2 networks on LAN ? alias command ? No, you have to do it like...

DNS passthrough on no explicit result?
--001a11c24d762937a204f14669ec Content-Type: text/plain; charset=ISO-8859-1 Hey all, Please forgive me if any of my terminology is off - I have not spent as much time in the documentation as I'd like. I have an odd situation that I would like to know if it is possible and would much appreciate a pointer to any relevant documentation or write-ups. I manage a domain name which, for reasons of reliability, uses an externally managed DNS server (zoneedit). We're looking to add private network DNS for internal machines. I've got BIND up and running on an internal machine. ...

Redirecting keyboard input to daemon
Hello I want to redirect the keyboard input (it can be a PS/2 or an USB keyboard) to a daemon. The idea is to use the keyboard as an input device, without the need to open a session as a user. As a (normal) daemon closes the "standard input" and disassociates from the shell, I need to read the keyboard input from somewhere (maybe /dev/input/keyboard), as I do with other types of input ports (like serial /dev/ttyS0). When I do a "cat /dev/input/keyboard" it says "cat: /dev/input/ keyboard: No such device", so, I don't know if this is the correct...

isp's, passive ftp transfers and security
2 part question, i would be very grateful for any opions! an isp i need to ftp to has just 'turned off' passive transfer support on their servers - this means i can't ftp with my current firewall rules (iptables) the isp says, "oh, all you have to do is change your firewall rules and you will be able to ftp again - it should only take 3 minutes" my 2 questions are: 1. has anyone ever heard of an isp doing this????? i have NEVER come accross a major isp (this is a very big UK isp, Nildram) turning off passive transfers.... it seems completely amateur to me... 2. if i...

Redirect using a J Script
Hi I would like to redirect say from http://mysite.co.uk to http://www.mysite.co.uk but because my home page is html I have to use JS Thank you, Samuel Samuel Shulman wrote: > Hi > > I would like to redirect say from http://mysite.co.uk to > http://www.mysite.co.uk but because my home page is html I have to use JS > Javascript isn't the best solution for this since a lot of people surf without it. Instead set up a meta tag in your html in addition to javascript: <meta http-equiv="refresh" content="5;url=http://www.yoururl.com"> And t...

Redirect
I NEVER use Redirect, but tonight I thought I'd have some fun, and use it. (I lead a dull life) I got carrried away and also Replied and Forwarded, changing the addressee to the same person each time. These two went, but not the redirect which gave this error message 550.5.7.0 From address mismatch envelope (my address, the one asociated with the smtp server I use) and header (the address of who sent it to me) Unless I'm redirecting something I sent to myelf, won't I always get this error with Redirect? Okay, I did a little testing and an email a friend se...

Running Python scripts under W2K with I/O redirection
I apologise if this is a well known problem. I've searched and can't find a clear description or fix. Hope someone can help. I am running my Python scripts under Windows 2000 using Python 2.4 Build 243 from Activestate. If I want to specify a file as standard input to my script I can just enter a command like: H:\> pyscript.py file.inp and that's what I get. All ok so far. However if I enter commands like: H:\> type file.inp | pyscript.py or H:\> pyscript.py < file.inp It doesn't work. I've also tried the variant of parsing for a command line argu...

Basic question about redirecting output
Hi, all. I'm a DBA on an AIX 5.2 system. My main role is DBA, not AIX admin, so I'm relegated to only learning those bits of AIX which I need for my job. So if this seems like a 'basic' question, *sorry*. ;-) My scenario is this: I have a directory with some files in it, and I want to move only those files whose name contains a certain string (ie 'temp') into another directory. I can get the list of these files with ls | grep temp So: can I not take the output of that command and insert it into a mv, kind of like ls | grep tmp | mv <newfolder> ?? ....wh...

RFC 4955 on DNS Security (DNSSEC) Experiments
A new Request for Comments is now available in online RFC libraries. RFC 4955 Title: DNS Security (DNSSEC) Experiments Author: D. Blacka Status: Standards Track Date: July 2007 Mailbox: davidb@verisign.com Pages: 7 Characters: 15417 Updates/Obsoletes/SeeAlso: None I-D Tag: draft-ietf-dnsext-dnssec-experiments-04.txt URL: http://www.rfc-editor.org/rfc/rfc4955.txt This document describes a methodology...

redirect
i have public_html/blog http://mydomain.com/blog how to redirect when user type http://mydomain.com it will show content from http://mydomain.com/blog but at address bar still show http://mydomain.com В Воскресенье 16 ноября 2008 05:36, mykhuzaimi писал: > i have public_html/blog http://mydomain.com/blog > > how to redirect when user type http://mydomain.com it will show > content from http://mydomain.com/blog but at address bar still show > http://mydomain.com Maybe create an index.htm file on mydomain.com, which will contain a big frame where you will load m...

test for redirected stdout from script
From a bash or ksh script, how do I detect that stdout is being sent to a file. test -t 1 always reports the same whether the output of the script is going to a screen or a file. On 2006-11-17, Jack Patteeuw wrote: > From a bash or ksh script, how do I detect that stdout is being sent to > a file. test -t 1 always reports the same whether the output of the > script is going to a screen or a file. It certainly shouldn't. What is the output when you run this: { test -t 1 echo $? >&2 } > /dev/null { test -t 1 echo $? } -- Chris F.A. Johnson, ...

DNS entry for SPF
Can someone confirm that I have entered this DNS entry in correctly for a txt record for SPF? I have changed the names to fictious ones. If I have coded this correctly, I should be authorizing servers with hostnames of six.yada.com, 5.yada.com, ms1.ms2.yadastrett.com and a server with IP address of 206.111.18.65 to send mail on behalf of the domain: "v=spf1 a:six.yada.com a:5.yada.com a:ms1.ms2.yadastreet.com ip4:206.111.18.65 -all" What would have been the difference with using this record vs using an entry of "v=spf1 mx:six.yada.com mx:5.yada.com mx:ms1.ms2....

domain name redirect on OS X
I have OS X (3.9) on my imac. I'm testing a website I am building using the apache server, but have a problem. I need my computer to redirect a domain back to itself. Example. www.domain.com needs to point back to the localhost. how can I do this? so for another example, If I need to change the setting in the computer to redirect a domain name to another. If I type www.domain.com for example, I need the computer to redirect www.domain.com to 192.168.0.3 rather than going to the actual domain. II know it's possible, but I don't know where to start. PLEASE HELP!!! On 20...