Cisco ASA 5505 User Manual

Page 579


29-25

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 29 Information About NAT

DNS and NAT

and translates the address inside the DNS reply to 10.1.3.14. If you do not enable DNS reply
modification, then the inside host attempts to send traffic to 209.165.201.10 instead of accessing
ftp.cisco.com directly.

Figure 29-22 DNS Reply Modification, DNS Server on Outside

Figure 29-23 shows a user on the inside network requesting the IP address for ftp.cisco.com, which is
on the DMZ network, from an outside DNS server. The DNS server replies with the mapped address
(209.165.201.10) according to the static rule between outside and DMZ even though the user is not on
the DMZ network. The ASA translates the address inside the DNS reply to 10.1.3.14. If the user needs
to access ftp.cisco.com using the real address, then no further configuration is required. If there is also

Figure 29-23 DNS Reply Modification (figure): an inside User sends a DNS Query (ftp.cisco.com?) through the Security Appliance to the DNS Server on the Outside; the DNS Reply carries 209.165.201.10; DNS Reply Modification on the Security Appliance rewrites 209.165.201.10 to 10.1.3.14; the DNS Reply forwarded to the User carries 10.1.3.14; the FTP Request then goes to 10.1.3.14. ftp.cisco.com is 10.1.3.14, with a Static Translation on Outside to 209.165.201.10.
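Added example, not code from the guide: a Python model of the DNS reply modification described for Figure 29-23, operating on a DNS reply at the wire-format level. The rule tuple layout and the matching condition (rewrite an A record holding a rule's mapped address when the reply arrives on that rule's mapped interface and the rule has DNS rewrite enabled) are assumptions derived from the text above, and the sample reply is constructed; with DNS rewrite disabled the reply passes unchanged, as the text describes.

```python
import struct
from ipaddress import IPv4Address

# Static rule from the figure as (real_iface, mapped_iface, real_ip, mapped_ip, dns_rewrite); layout assumed.
RULES = [("dmz", "outside", "10.1.3.14", "209.165.201.10", True)]

def _skip_name(buf, off):
    """Return the offset just past a DNS name (handles compression pointers)."""
    while True:
        n = buf[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:          # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + n

def _a_record_offsets(buf):
    """Yield (rdata_offset, dotted_address) for each A record in the answer section."""
    qdcount, ancount = struct.unpack("!HH", buf[4:8])
    off = 12                           # fixed 12-byte header
    for _ in range(qdcount):
        off = _skip_name(buf, off) + 4 # QTYPE + QCLASS
    for _ in range(ancount):
        off = _skip_name(buf, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", buf[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:  # A record
            yield off, str(IPv4Address(bytes(buf[off:off + 4])))
        off += rdlen

def answer_addresses(msg):
    return [addr for _, addr in _a_record_offsets(msg)]

def build_a_reply(name, ip, txid=0x1234):
    """Constructed sample: a minimal DNS reply with one question and one A answer."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = qname + struct.pack("!HH", 1, 1)
    answer = qname + struct.pack("!HHIH", 1, 1, 300, 4) + IPv4Address(ip).packed
    return header + question + answer

def rewrite_dns_reply(msg, ingress_iface, rules=RULES):
    """Rewrite A records holding a rule's mapped address to the real address when the
    reply arrives on that rule's mapped interface and the rule has DNS rewrite enabled."""
    buf = bytearray(msg)
    for off, addr in list(_a_record_offsets(buf)):
        for _real_if, mapped_if, real_ip, mapped_ip, dns in rules:
            if dns and ingress_iface == mapped_if and addr == mapped_ip:
                buf[off:off + 4] = IPv4Address(real_ip).packed
    return bytes(buf)
```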
