redirect dns on ASA 5505 to my ISP


Hi,

I have a LAN with static configured IP telephones. All the telephones 
are configured in this way:
IP: 192.168.2.101 (to 110)
GW: 192.168.2.1
DNS 192.168.2.1

At the moment I cannot change the DNS (and other things on the telephones).

The old firewall (a Linksys) has IP: 192.168.2.1 and is the gateway to 
the Internet. All computers receive an IP from the DHCP server (Linksys 
192.168.2.1) and two DNS IPs from my ISP.

All telephones use 192.168.2.1 as the DNS and it works because it 
redirects to the ISP DNS.

Now I want to use a Cisco ASA 5505 instead of the Linksys. But it does 
not redirect DNS requests to my ISP like the old one.
How can I configure that?

Best regards
Martin
0
Reply Martion 12/9/2008 8:18:46 PM


* Martion wrote:
> Now I want to use a Cisco ASA 5505 instead of the Linksys. But it does 
> not redirect DNS requests to my ISP like the old one.
> How can I configure that?

static (outside,inside) udp 192.168.2.1 53 dns 53
static (outside,inside) tcp 192.168.2.1 53 dns 53

Yes. Static and nat are not limited by the security-level direction anymore.
0
Reply Lutz 12/9/2008 10:52:00 PM

Lutz Donnerhacke wrote:
> * Martion wrote:
>> Now I want to use a Cisco ASA 5505 instead of the Linksys. But it does 
>> not redirect DNS requests to my ISP like the old one.
>> How can I configure that?
> 
> static (outside,inside) udp 192.168.2.1 53 dns 53
> static (outside,inside) tcp 192.168.2.1 53 dns 53
> 
> Yes. Static and nat are not limited by the security-level direction anymore.

I get a wrong hostname regarding "dns" in this command...

Best regards
Martin
0
Reply Martin 12/10/2008 7:48:23 AM

* Martin wrote:
> Lutz Donnerhacke wrote:
>> * Martion wrote:
>>> Now I want to use a Cisco ASA 5505 instead of the Linksys. But it does 
>>> not redirect DNS requests to my ISP like the old one.
>>> How can I configure that?
>> 
>> static (outside,inside) udp 192.168.2.1 53 dns 53
>> static (outside,inside) tcp 192.168.2.1 53 dns 53
>> 
>> Yes. Static and nat are not limited by the security-level direction anymore.
>
> I get a wrong hostname regarding "dns" in this command...

Of course. Please read the documentation of this command, then you will know
how to transform newsgroups examples into real world configurations.
0
Reply Lutz 12/10/2008 9:03:01 AM

Martin wrote:
> I get a wrong hostname regarding "dns" in this command...

Replace keyword "dns" with ISP dns ip address.

Wieslaw
0
Reply Wwieslaw 12/10/2008 12:30:53 PM

Wwieslaw wrote:
> Martin wrote:
>> I get a wrong hostname regarding "dns" in this command...
> 
> Replace keyword "dns" with ISP dns ip address.
> 
> Wieslaw

Hi Wieslaw,

Thank you for your answer.

But still when using the ASA's IP as DNS on the clients, they can not 
resolve names to ip's.

I do not have any outgoing access-lists but do I need to configure 
something else?

Best regards
Martin
0
Reply Martion 12/11/2008 8:32:14 PM
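
The thread ends with clients still unable to resolve names through 192.168.2.1. The following added example (not part of any post in the thread) is a small probe to run from an inside host: it sends one DNS query over UDP and one over TCP, matching the two `static` lines above, and reports whether a valid reply came back. The queried name `example.com` and the function names are assumptions made for illustration.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """Build a minimal DNS A-record query with recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_header(data, txid=0x1234):
    """Return (is_matching_response, rcode, answer_count) from a DNS reply."""
    if len(data) < 12:
        return (False, None, 0)
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    return (rid == txid and bool(flags & 0x8000), flags & 0x000F, an)

def _recv_exact(sock, n):
    """Read exactly n bytes from a stream socket (fewer if the peer closes)."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf

def probe(server, name, proto="udp", timeout=3.0):
    """Send one query to server:53 and report what came back."""
    query = build_query(name)
    kind = socket.SOCK_DGRAM if proto == "udp" else socket.SOCK_STREAM
    try:
        with socket.socket(socket.AF_INET, kind) as s:
            s.settimeout(timeout)
            s.connect((server, 53))
            if proto == "udp":
                s.send(query)
                reply = s.recv(4096)
            else:
                # DNS over TCP prefixes each message with a 2-byte length.
                s.sendall(struct.pack("!H", len(query)) + query)
                (length,) = struct.unpack("!H", _recv_exact(s, 2))
                reply = _recv_exact(s, length)
    except (OSError, struct.error) as exc:  # timeout, refused, short read
        return {"proto": proto, "ok": False, "error": str(exc)}
    ok, rcode, answers = parse_header(reply)
    return {"proto": proto, "ok": ok and rcode == 0, "rcode": rcode, "answers": answers}

if __name__ == "__main__":
    # 192.168.2.1 is the resolver address from the thread; the name is a sample.
    for proto in ("udp", "tcp"):
        print(probe("192.168.2.1", "example.com", proto))
```

A timeout on both protocols means nothing is answering on 192.168.2.1 port 53 at all, while a reply with a non-zero `rcode` means the query reached a resolver that refused or failed it.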
comp.dcom.sys.cisco