Velocity Reviews - Computer Hardware Reviews

DNS query to internal DNS server from static NAT host

none (Guest)
04-24-2006

I had my workstation set up on a static NAT address with the following ...

static (inside,outside) 1.2.3.4 10.16.61.247 netmask 255.255.255.255

and the following ACL applied to the outside interface ...

access-list outside_access_in extended permit tcp any host 1.2.3.4 eq 3389

under PIX 7.0 software. With this in place my workstation can't do a DNS lookup using an internal DNS server.

What do I need to make this work? I have a very similar setup in PIX 6.3 working.

TIA


info@blueconsole.com (Guest)
04-24-2006
You weren't very clear here as to whether your workstation and DNS server are on the Inside or Outside.
Also note that although there is an implicit PERMIT from a higher security interface (Inside) to lower security (Outside), if you have any ACL applied inbound on the Inside then that implicit PERMIT is gone. You have to allow the DNS (UDP 53) in your ACL.
http://www.cisco.com/univercd/cc/td/....htm#wp1043290

Steve Griffin
www.blueconsole.com (Bluetooth Wireless Console Cable)

none (Guest)
04-24-2006
On Sun, 23 Apr 2006 18:24:09 -0700, info wrote:

> You weren't very clear here as to whether you workstation and DNS
> server are on the Inside or Outside.


DNS and workstation are both inside, and a "permit ip any any" ACL is applied inbound on the inside interface.
none (Guest)
04-24-2006
On Sun, 23 Apr 2006 21:04:04 -0400, none wrote:


> I had my workstation setup on a static NAT address with the following
> ...
>
> static (inside,outside) 1.2.3.4 10.16.61.247 netmask 255.255.255.255
>
> and the following ACL applied to the outside interface ...
>
> access-list outside_access_in extended permit tcp any host 1.2.3.4 eq 3389
>
> under PIX 7.0 software. With this in place my workstation can't do a DNS lookup using an internal DNS server.
>
> What do I need to make this work? I have a very similar setup in PIX 6.3 working.
>
> TIA
Found the fix ...

Needed this instead:

static (inside,outside) tcp 1.2.3.4 3389 10.16.61.247 3389 netmask 255.255.255.255

Thanks!

rave (Guest)
04-24-2006
This cannot be the fix. What you are doing here is port redirection; earlier you were mapping a one-to-one IP.
This cannot be the fix, you are missing something here.


none (Guest)
04-25-2006
On Mon, 24 Apr 2006 15:52:53 -0700, rave wrote:

> This cannot be the fix. What you are doing here is port redirection;
> earlier you were mapping a one-to-one IP. This cannot be the fix, you
> are missing something here.


Thanks for making me think harder on why it worked ...

Yes, it resolved my problem, but I actually originally misdiagnosed the problem, as it looked like a DNS issue because that's the error I got back from my browser (stupid Micro$oft browser!). Actually the DNS lookup was working; it was the return of the web page to my desktop that was not being allowed to come back, because the only inbound port open was 3389.

PAT is actually what I wanted to do. I'm not sure how I got the original statement; I must have been half asleep while doing the configuration yesterday.
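For readers landing on this thread later, here is the difference between the two `static` forms discussed above, written out as a complete PIX 7.0 fragment. This is an added example, not configuration posted in the thread; the addresses reuse the thread's 1.2.3.4 and 10.16.61.247, and the 10.16.61.0/24 range used for the dynamic translation is assumed. Pick either (a) or (b); the two statics overlap on 1.2.3.4 and are not meant to coexist.

```cisco
! Added example (PIX 7.0 syntax). 1.2.3.4 = public address, 10.16.61.247 = inside
! workstation, 10.16.61.0/24 = assumed inside subnet for the dynamic translation.

! (a) One-to-one static NAT: every port of 1.2.3.4 maps to the workstation.
!     Outbound connections from 10.16.61.247 leave the outside interface sourced
!     from 1.2.3.4; inbound connections to 1.2.3.4 still need an outside ACL entry.
static (inside,outside) 1.2.3.4 10.16.61.247 netmask 255.255.255.255

! (b) Static PAT (port redirection): only TCP/3389 of 1.2.3.4 reaches the
!     workstation. Its other outbound traffic then needs a dynamic translation,
!     here overloaded onto the outside interface address.
static (inside,outside) tcp 1.2.3.4 3389 10.16.61.247 3389 netmask 255.255.255.255
nat (inside) 1 10.16.61.0 255.255.255.0
global (outside) 1 interface

! Inbound filter on the outside interface: only RDP to the mapped address is
! accepted as a new connection from the Internet.
access-list outside_access_in extended permit tcp any host 1.2.3.4 eq 3389
access-group outside_access_in in interface outside

! Checks: confirm the translation exists and watch the ACL hit counters.
show xlate
show access-list outside_access_in
```

Two caveats worth keeping in mind when reading the diagnosis in the last post: a lookup from an inside workstation to a DNS server on the same inside subnet never crosses the PIX at all, so neither the `static` nor `outside_access_in` can affect it; and return traffic for a TCP connection the workstation initiates is admitted by the PIX connection table, not by `outside_access_in`, which only governs connections that are new from the outside. If web pages fail to load after a NAT change, `show xlate` and `show conn` are the first things to look at.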