Hi, I was wondering if anyone can help with the config for an ASA5510.
I have an inside and outside network with one external IP address provided by the ISP. The email server (192.168.1.100) sits on the inside network and I can successfully configure the ASA to allow email to be sent and received using the config below:
Great!!! But when I then try to configure another static NAT to a web server (192.168.1.200) on the inside network using the same outside interface, I am unable to add it as it conflicts with the existing static NAT.
Instead, I configured the first static NAT to use PAT for SMTP and then configured another static NAT using PAT for the web server. Config below:
access-list outside_access_in extended permit tcp any host 22.214.171.124 eq smtp
access-list outside_access_in extended permit tcp any host 126.96.36.199 eq http
Now external connections can reach the Web Server and Email Server.
The email server is unable to send email; it is unable to resolve the domain names to IP addresses. I can't even do an nslookup on google.com and all web browsing from the server stops (the default gateway of the Email server is the ASA's LAN IP obviously).
Looking at the logs I see DNS packets (UDP 53) accessing the ISP's DNS servers on the internet but it never seems to resolve them. The source is always the email server port 53 but the reply from the internet DNS server seems to be on different ports which don't have static NATs.
I hope this makes sense to you guys so far, and any help or pointers would be appreciated.
I have tried creating static NATs and ACLs for TCP/UDP port 53 but it makes no difference.
Re: ASA5510 Static NAT email dns problem
7 years 10 months ago #32575