10-23
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 10 NAT Examples and Reference
DNS and NAT
Figure 10-18 DNS Reply Modification, DNS Server on Outside
Procedure
Step 1 Create a network object for the FTP server.
hostname(config)# object network FTP_SERVER
hostname(config-network-object)# host 10.1.3.14
Step 2 Configure static NAT with DNS modification.
hostname(config-network-object)# nat (inside,outside) static 209.165.201.10 dns
DNS Reply Modification, DNS Server, Host, and Server on Separate Networks
The following figure shows a user on the inside network requesting the IP address for ftp.cisco.com,
which is on the DMZ network, from an outside DNS server. The DNS server replies with the mapped
address (209.165.201.10) according to the static rule between outside and DMZ even though the user is
not on the DMZ network. The ASA translates the address inside the DNS reply to 10.1.3.14.
DNS Server
Outside
Inside
User
130021
1
2
3
4
5
DNS Reply Modification
209.165.201.10 10.1.3.14
DNS Reply
209.165.201.10
DNS Reply
10.1.3.14
DNS Query
ftp.cisco.com?
FTP Request
10.1.3.14
Security
Appliance
ftp.cisco.com
10.1.3.14
Static Translation
on Outside to:
209.165.201.10
To Next Page
Loading...
Need help?
General
