f



redirect dns on ASA 5505 to my ISP

Hi,

I have a LAN with static configured IP telephones. All the telephones 
are configured in this way:
IP: 192.168.2.101 (to 110)
GW: 192.168.2.1
DNS 192.168.2.1

At the moment I cannot change the DNS (and other ting on the telephones).

The old firewall (a linksys) have IP: 192.168.2.1 and is the gateway to 
the Internet. All computers receive an IP from the dhcp server (Linksys 
192.168.2.1) and two DNS IP�s from my ISP.

All telephones uses 192.168.2.1 as the DNS and it works because it 
redirects to the ISP DNS.

Now I want to use a Cisco ASA 5505 instead of the Linksys. But it does 
not redirect DNS requests to my ISP like the old one.
How can I configure that?

Best regards
Martin
0
Martion
12/9/2008 8:18:46 PM
comp.dcom.sys.cisco 25310 articles. 0 followers. Post Follow

5 Replies
1182 Views

Similar Articles

[PageSpeed] 44

* Martion wrote:
> Now I want to use a Cisco ASA 5505 instead of the Linksys. But it does 
> not redirect DNS requests to my ISP like the old one.
> How can I configure that?

static (outside,inside) udp 192.168.2.1 53 dns 53
static (outside,inside) tcp 192.168.2.1 53 dns 53

Yes. Static and nat are not limited by the security-level direction anymore.
0
Lutz
12/9/2008 10:52:00 PM
Lutz Donnerhacke skrev:
> * Martion wrote:
>> Now I want to use a Cisco ASA 5505 instead of the Linksys. But it does 
>> not redirect DNS requests to my ISP like the old one.
>> How can I configure that?
> 
> static (outside,inside) udp 192.168.2.1 53 dns 53
> static (outside,inside) tcp 192.168.2.1 53 dns 53
> 
> Yes. Static and nat are not limited by the security-level direction anymore.

I get a wrong hostname regarding "dns" in this command...

Best regards
Martin
0
Martin
12/10/2008 7:48:23 AM
* Martin wrote:
> Lutz Donnerhacke skrev:
>> * Martion wrote:
>>> Now I want to use a Cisco ASA 5505 instead of the Linksys. But it does 
>>> not redirect DNS requests to my ISP like the old one.
>>> How can I configure that?
>> 
>> static (outside,inside) udp 192.168.2.1 53 dns 53
>> static (outside,inside) tcp 192.168.2.1 53 dns 53
>> 
>> Yes. Static and nat are not limited by the security-level direction anymore.
>
> I get a wrong hostname regarding "dns" in this command...

Of course. Please read the documentation of this command, then you will know
how to transform newsgroups examples into real world configurations.
0
Lutz
12/10/2008 9:03:01 AM
Martin wrote:
> I get a wrong hostname regarding "dns" in this command...

Replace keyword "dns" with ISP dns ip address.

Wieslaw
0
Wwieslaw
12/10/2008 12:30:53 PM
Wwieslaw skrev:
> Martin wrote:
>> I get a wrong hostname regarding "dns" in this command...
> 
> Replace keyword "dns" with ISP dns ip address.
> 
> Wieslaw

Hi Wieslaw,

Thank you for your aswnser.

But still when using the ASA's IP as DNS on the clients, they can not 
resolve names to ip's.

I do not have any outgoing access-lists but do I need to configure 
something else?

Best regards
Martin
0
Martion
12/11/2008 8:32:14 PM
Reply:

Similar Artilces:

new to cisco asa 5505
Hi everyone. I'm working on a school project and as I'm extremely new to cisco devices I could use some help. I have the base license. I've created an inside, outside, and dmz VLAN. I can currently access a webpage I have hosted on one of the DMZ hosts externally. Now, the problem is that if I want to access it from an inside host I can only type in the external address, not the dmz host's address. If i switch around a single NAT rule I can access it by typing in the DMZ address, but not the external address. It is accessible the entire time from the outside. How would I...

Cisco ASA 5505 Licensing
Hi I'd appreciate it if someone could answer this for me: Do I need to reboot my ASA 5505 to upgrade from one license to another? ASA5505-BUN-K9 ASA5505-50-BUN-K9 ASA5505-UL-BUN-K9 ASA5505-SEC-BUN-K9 I believe this is done by using this command: activation-key [activation-key-four-tuple| activation-key-five-tuple] Are these licenses tied to the ASA's serial number or can I pre- purchase a license and use it on a device when I need it? Thank you billybob.ng@googlemail.com writes: >I'd appreciate it if someone could answer this for me: >Do I need to reboot my ASA 5505 t...

Cisco 871 or ASA 5505
I have two branch offices, each has only 2 users and 2 printers, which are going to connect to their main office thru the VPN tunnels so that each branch office can access the main office and the main office can also access the branch resources ( printers ) . I plan to use either the Cisco 871 or ASA 5505 at the branch offices for this requirement. Is there any reason to select this device over the other ? Any advice is greatly appreciated. DT <dt1649651@yahoo.com> wrote in message news:c6883e1e-2832-48d5-ba25-385b2e4cf7c0@a70g2000hsh.googlegroups.com... >I have two branch offi...

CISCO ASA 5505 Failover
I have followed the procedures in the Cisco documents to setup a failover pair (active/stand-by) of Cisco ASA 5505 (ASA5505-SEC-BUN-K9) but the failover does not initiate properly. I have tried both straight and cross-over cables, have tried different interfaces (2 and 7) of the firewall and have ensured that the: 1) Software versions are the same 2) Identical Licences 3) # interfaces and types are the same 4) Flash memory and Ram are the same size. Result of the command: "show version" Cisco Adaptive Security Appliance Software Version 7.2(2) Device Manager Version 5.2(2) Compil...

Cisco ASA-5505 and MPLS
Have a Cisco 2431 router with two interfaces e0/0 and e0/1. e0/1 is providing the internet connection and e0/0 will be used for MPLS. the e0/0 int will go into the 3rd port on the ASA-5505 I will route MPLS traffic to that and internet traffis to e0/0 on the ASA. Do I have to use hairpining intra-site and inter-site? ...

ASA 5505 Dual ISP
Hi, Want to setup ASA 5505 with dual isp connections. I have found various articles that describe how to set this up but none so far have addressed how to handle static nat objects. We have mail, web servers that use static nat and want to ensure these use new natted ip when the ASA fails over. Is this possible? Please advise, and advise will be greatly appreciated. Thanks, Marlon "Marlon" <mvelasco2@gmail.com> wrote in message news:37581e61-284c-4b11-b59a-4b7441b1fe15@a6g2000vbp.googlegroups.com... > Hi, > > Want to setup ASA 5505 with dual isp connections. ...

Cisco ASA 5505 VPN issue
I just installed an ASA550 on my home network and now I have a problem with connecting 2 PPtP vpn connections using either of the XP or Vista VPN connections. These connnections worked fine until I installed the ASA. Now they both contact the remote VPN locations, but fails when trying to authenticate. The Vista client gives 'error 806: The VPN connection between your computer and the VPN server could not be completed.' From the XP clien, the error states 721:The remote computer did not respond. Here is my current ASA config: ASA Version 7.2(2)33 ! hostname ciscoasa domain-name defa...

Cisco ASA 5505 URL Blocking
Hi, I would like to block all URLs on the Outside Network for a specific inside host. Furthermore I would like to exclude a few outside URLs from the general " all URLs blocked" which shall be accessible by the specific host. Is it possible with an ASA Box. To make it clear again: a specific inside Host should only be allowed to access external URLs which are explicitly allowed in the FW. All other traffic to the outside world should be disallowed. All other inside hosts on the Network should not be affected by this policy. Is this possible with an ASA 5505? H...

Cisco ASA 5505 VPN timeout?
A user is reporting that his VPN session times out after seven hours and thirty-eight minutes (7:38). In the Cisco ASA 5505 where do I find and change the timeout. This seems like such an odd value. Mike -- Posted via a free Usenet account from http://www.teranews.com ...

Cisco ASA 5505 VPN Help
This is my first Cisco product that I've tried using the new (ASDM) GUI interface to set up. I have to say that I'm surprised at how difficult the GUI interface is for configuration compared to other products. But maybe I just need to learn my way around it more. Can someone help me with the VPN and GUI? I configured VPN via the GUI, but I do not see any way to check the status of the VPN or even a place to "connect" and/or "disconnect" (bring up/down). I'm trying build a tunnel to a LinkSys WRV54G. Does the GUI provide this level of support or do I need to go back to the command line? How do I know if the Cisco is trying to connect? Are there any good books or docs on how to sue the new GUI (ASDM)? Thanks:) On Dec 7, 2:09 pm, tdenham...@gmail.com wrote: > This is my first Cisco product that I've tried using the new (ASDM) > GUI interface to set up. I have to say that I'm surprised at how > difficult the GUI interface is for configuration compared to other > products. But maybe I just need to learn my way around it more. > > Can someone help me with the VPN and GUI? > > I configured VPN via the GUI, but I do not see any way to check the > status of the VPN go to: monitoring (tab on top of the gui) -> vpn or even a place to "connect" and/or > "disconnect" (bring up/down). to disconnect: monitoring (tab on top of the gui) -> vpn -> vpn statistics -> sessions -...

QoS on Cisco ASA 5505 (DSL)
I have a site with a DSL connection and I'd like to implement outgoing QoS for VoIP. I am aware that the QoS cannot be guaranteed on the inbound (unless done from the ISP) but at this time I'm only having issues when the users on-site are uploading data to an FTP site. I had a similar site 2-3 years ago where I successfully did this, however I do not have a copy of the configuration file, and am having difficulty duplicating what I did back then. Basically as soon as they start uploading files to the FTP site the call data starts cutting in and out. This is my current c...

Forwarding Ports through a Cisco ASA 5505
Hi There, If someone could help me that would be great. I have a Cisco ASA 5505 that I'm trying to configure to allow any Internet IP Address to come through port 3206 and get to a workstation on the Internal network on the same port. I've changed my Outside IP in the following information for security sake. Also, I've typically been using the Cisco ASDM utility to perform the configuration as I'm not familiar with many of the command line commands (but feel free to help me via command line instructions if that's what you know). My setup is like this: Outside IP = 1.2.3....

Cisco PIX or ASA DNS Question
Is there any way in either the Cisco PIX 515E or in an ASA to setup objects as DNS names instead of by IP address? I need to be able to allow FTP access to a site such as ftp.hp.com instead of the ip address 15.192.45.22. In article <1191865411.366346.8430@d55g2000hsg.googlegroups.com>, jmiddleton <jmiddleton@gmail.com> wrote: >Is there any way in either the Cisco PIX 515E or in an ASA to setup >objects as DNS names instead of by IP address? I need to be able to >allow FTP access to a site such as ftp.hp.com instead of the ip >address 15.192.45.22. No, there isn'...

Cisco ASA 5505
Hallo all! I'm planning big reconstruction on out office network. Regarding our plan I have few questions and please, if you can help, please do! Thank you in advance! Now we have HP Proliant ML350 server (we are using it mainly as file and print server), 24 switch HP Procurve 2524, 20 pcs Windows XP desktop PC and notebooks and 3 Linksys AP. Our internet connection is shared 5/5 Mbps link with most closed ports except for web, e-mail and other only basic usage. We have static IP address. Our plan is to allow our employees to connect to server through VPN, start Exchange e-mail server w...

Cisco ASA 5505 causing network down
Hi all, I have done following config on ASA 5505, ASA Version 7.2(3) ! hostname FW1 domain-name STJOHN enable password * encrypted names name 10.6.1.1 GlobalIP ! interface Vlan1 nameif inside security-level 100 ip address 1.1.8.1 255.255.0.0 ! interface Vlan2 nameif outside security-level 0 ip address GlobalIP 255.255.255.248 ! interface Ethernet0/0 switchport access vlan 2 ! interface Ethernet0/1 ! interface Ethernet0/2 ! interface Ethernet0/3 ! interface Ethernet0/4 ! interface Ethernet0/5 ! interface Ethernet0/6 ! interface Ethernet0/7 ! passwd 2KFQnbNIdI.2KYOU encrypted ftp mode pas...

Cisco!! Cisco!! Cisco!!
From http://groups.google.com/group/comp.dcom.sys.cisco/about Top posters This month 18 mer...@geeks.org 11 alagmy 10 bo...@hotmail.co.uk 9 galt...@hotmail.com 9 nom...@example.com 8 troffa...@hotmail.com 8 igor.mamuzicmakni_...@zg.t-com.hr 7 pfisterf...@gmail.com 7 darfun....@gmail.com 6 jfmezei.spam...@vaxination.ca All time 4799 rober...@ibd.nrc-cnrc.gc.ca 2930 aaron@cisco.com 2813 Merv 2370 t...@cisco.com 2356 vcjo...@networkingunlimited.com 1984 b...@cisco.com 1959 bar...@genuity.net 1898 hb...@_nyc.rr.com.remove_ 1745 u...@alp.ee.pbz 1670 bar...@bbnplanet.com -- ...

ASA 5505 and Cisco Client VPN pass-through
With the old PIX v6 multiple Cisco VPN clients on the inside could not reach a remote host. For example, visitors come to your location where you are using a PIX firewall with VPN and they cannot use Cisco Client to VPN to their home office. Is the ASA 5505 v7.2.3 any better at this? Thanks! -Bob "just bob" <kilbyfan@aoldotcom> wrote in message news:E5mdnfN95J-fGoLVnZ2dnUVZ_vGdnZ2d@supernews.com... > With the old PIX v6 multiple Cisco VPN clients on the inside could not > reach a remote host. For example, visitors come to your location where you > are usin...

Ping a untrust interface at cisco asa 5505
Hi all, what must i set in the ASDM when i will ping a outside interface? I have set properties->device adminstation->ICMP Rules. I have add the a rule that any ICMP Typs, any address on the outgoing interface are permited... But i cant ping the ip address of the outside interface. What make i wrong? It?s my first time with a Cisco ASA. Can my help please someone. Thanks. Bye, Michael "Michael Kuhn" <m.kuhn@terraskill.de> wrote in message news:46d81aa3$1@news.arcor-ip.de... > Hi all, > > what must i set in the ASDM when i will ping a outside interface? ...

Cisco ASA 5505 configuration for PPPOE/BellSouth
Hello all, I just purchased a Cisco ASA 5505 and I am having trouble configuring my device to work with my BellSouth DSL connection. I tried placing the Netopia 3347NWG in what's called bridge mode but then configure the 5505 for PPPOE but authentication continued to fail. Now I am going to try PPPoE with a Routed Subnet, using the instructions from the Netopia link below (http://www.netopia.com/ support/hardware/technotes/CQG_042.html) I am including my current 5505 conf for your viewing. Any help or advice would be greatly appreciated. -JT- hostname JASZLINK-5505 domain-name jaszlin...

New Cisco ASA 5505 Appliance Help?
Hello, I'm trying to setup a Cisco 5505 to tunnel to a LinkSys VPN router, but not having much luck. I'd like to do IPSec 3des/md5, PSK and PFS. I'm new to the Cisco ASA (mostly command line history), but was trying to find a place in the ADSM launcher to show the status of the VPN? Is there such a view on the ADSM? Is there a place to stop/start the VPN tunnel? Seems I'm not having much luck talking to the LinkSys WRV54. This linksys WRV54 will not talk to FreeSWAN like the older LinkSys BEFVP41:( I'm hoping it will talk to the Cisco 5505. Thanks in advance! ...

ASA 5505 as hardware vpn client to PIX 501 or ASA 5505 with network extension mode activated
Hi! We have been using a PIX 501 for a couple of years now to access a local network with Cisco VPN software client. However we now need access from another site with multiple users so I decided to buy two ASA 5505 UL bundle to do the job. First i tried to just hook up the new ASA at the remote site and connect to the PIX 501 with easy vpn. In went fine. I configured the new ASA right from the box with the old vpn profile settings and it worked right away. But as we also need the remote site to be accessed from the main site (PIX side) i tried to enable "network extension mode" but ...

Cofiguring ASA 5505: Static IP, DNS, Gateway
Hello All, I'm setting up an ASA 5505 for a client and am pretty much done. However, I have a question. Where in the configuration (ASDM Web Interface or CLI) do I enter the default gateway for the ISP? The client is using a DSL modem for access to the internet and they acquired 1 static IP address and was given the primary and secondary DNS plus the default gateway of the ISP. I've configured the ASA but can only see where the IP address and DNS numbers go. Where does the default gateway of the ISP enter into all of this? The DSL modem is set up as a Bridge for the ASA to access...

Another port forwaring example cisco ASA 5505
Just wanted to add another example of how to set up port forwarding on a cisco asa 5505. This is how I managed to get it working. This is an example where the inside network is 192.168.1.0 with netmask 255.255.255.0. The cisco asa has an ip address of 192.168.1.1. I am setting up a rdp and http rule to a server with the IP address of 192.168.1.13 I am doing this by connecting to the ASA with the console cable using the terminal emulator ZOC pro 6.14 from emtec software. bitrate is 9600 8N1. ciscoasa> ena ciscoasa# conf t First some NAT rules ciscoasa(config)# static (inside,outside) t...

asa 5505 + l2l vpn + cisco client vpn
Hi, I'm trying to replace PIX 506[working ok] with asa 5505. But just after swaping them some of the vpn links doesn't work. I can't ping sites. Cisco vpn client access doesn't work too. I was following few cisco manuals but I can't figure out what is missing in my config. Could you pls have a look at my config maybe sth obvious - I hope so. Many thanks. : Saved : Written by enable_15 at 01:48:02.989 UTC Tue Jan 13 2009 ! ASA Version 8.0(4) ! hostname pb domain-name zzzzzzz enable password zzzzzzzzzzzzzz encrypted passwd zzzzzzzzzzzz encrypted names ! interface Vlan1 nam...

Web resources about - redirect dns on ASA 5505 to my ISP - comp.dcom.sys.cisco

Asteroid Redirect Mission - Wikipedia, the free encyclopedia
The Asteroid Redirect Mission ( ARM ), also known as the Asteroid Retrieval and Utilization ( ARU ) mission and the Asteroid Initiative , is ...

What percentage of PageRank is lost through a 301 redirect? - YouTube
Roughly what percentage of PageRank is lost through a 301 redirect? Sam Harries, Exeter, United Kingdom Have a question? Ask it in our Webmaster ...

CloudFlare boss’s Gmail hacked in redirect attack on 4Chan
Content distribution network CloudFlare reset all its customer API keys over the weekend after its CEO’s personal and corporate Gmail was breached ...

Parramatta shootings: We need to redouble our efforts to redirect all at-risk teens from a destructive ...
He was too young to drive, and too young to vote. We may discover why he killed, but we may not. What we can do is boost our efforts to divert ...

Parramatta shootings: We need to redouble our efforts to redirect all at-risk teens from a destructive ...
He was too young to drive, and too young to vote. We may discover why he killed, but we may not. What we can do is boost our efforts to divert ...

Budget 2015: Generic drug prices expected to fall as Government redirects health spending
Patients will benefit from a significant drop in the price of many common drugs with changes due in next week's budget.

Defence review aims to redirect $1B a year in spending
The Department of National Defence today launched a top-down review of how it manages its back office with a goal of finding about a billion ...

Redirect Permanent
Just a little note to tell you this blog has now completely moved to its new home. I hope you find it nicer, especially more mobile-friendly. ...

Colorado governor candidate redirects volunteers to Douglas County races
KUSA-Republican gubernatorial candidate and current Colorado Secretary of State Scott Gessler is wading into a local school board election. ...

China’s ‘Great Cannon’ Uses DDoS Style Redirects for Censorship
... the great firewall works to block traffic by terminating links; it can’t alter the traffic, just stop it. The great cannon modifies and redirects ...

Resources last updated: 3/8/2016 3:27:25 PM