Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > IP/Name Resolution issue...

Reply
Thread Tools

IP/Name Resolution issue...

 
 
TimParker
Guest
Posts: n/a
 
      12-02-2009
I just finally finished converting our offices over to using Cisco
hardware that we bought a few months back. (871 routers for the remote
offices and a 5505 for the main office).

I have it configured with an outside, inside and dmz interface. Our
company web server and external mail server naturally live in the DMZ
(192.168.18.x).

The problem is when we try and hit the website it can't seem to get
there. If I had entries in the hosts files on the PC with the Internal
address it works fine. Normally, it would resolve to the external
address (204.210.x.y)

What type of rule do I need. I have tried putting one in both the DMZ
and inside rules sections to allow TCP-HTTP and TCP-HTTPS to the
server in question.

 
Reply With Quote
 
 
 
 
Robert Jacobs
Guest
Posts: n/a
 
      12-02-2009
On Dec 2, 1:20*pm, TimParker <(E-Mail Removed)> wrote:
> I just finally finished converting our offices over to using Cisco
> hardware that we bought a few months back. (871 routers for the remote
> offices and a 5505 for the main office).
>
> I have it configured with an outside, inside and dmz interface. Our
> company web server and external mail server naturally live in the DMZ
> (192.168.18.x).
>
> The problem is when we try and hit the website it can't seem to get
> there. If I had entries in the hosts files on the PC with the Internal
> address it works fine. Normally, it would resolve to the external
> address (204.210.x.y)
>
> What type of rule do I need. I have tried putting one in both the DMZ
> and inside rules sections to allow TCP-HTTP and TCP-HTTPS to the
> server in question.



Here's some basics - don't know if they'll work for you, as I don't
know what your config looks like, but maybe this will help a little.


interface Serial0/1
ip address 204.210.x.y 255.255.x.x
ip access-group 123 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect DEFAULT100 out
ip virtual-reassembly
encapsulation ppp
ip route-cache flow

ip nat inside source static 192.168.18.x 204.210.x.y route-map rmap_1
route-map rmap_1 permit 1

access-list 123 permit icmp any host 204.210.x.y echo
access-list 123 permit tcp any host 204.210.x.y eq www
access-list 123 permit tcp any host 204.210.x.y eq smtp
access-list 123 permit tcp any host 204.210.x.y eq 443
access-list 123 permit tcp any host 204.210.x.y eq pop3
access-list 123 permit tcp any host 204.210.x.y eq 143

We'd need to se a bit more of your config for additional help.
 
Reply With Quote
 
 
 
 
Morph
Guest
Posts: n/a
 
      12-02-2009
In the message
<(E-Mail Removed)>
TimParker wrote:

| I just finally finished converting our offices over to using Cisco
| hardware that we bought a few months back. (871 routers for the remote
| offices and a 5505 for the main office).
|
| I have it configured with an outside, inside and dmz interface. Our
| company web server and external mail server naturally live in the DMZ
| (192.168.18.x).
|
| The problem is when we try and hit the website it can't seem to get
| there. If I had entries in the hosts files on the PC with the Internal
| address it works fine. Normally, it would resolve to the external
| address (204.210.x.y)
|
| What type of rule do I need. I have tried putting one in both the DMZ
| and inside rules sections to allow TCP-HTTP and TCP-HTTPS to the
| server in question.

If I understand correctly you are using a public DNS server and when you
try to access your website from insind of your network, the DNS name is
resolved to the public IP address and you can not access the page?

If this is the case, then have a look at this (DNS Doctoring):
http://www.cisco.com/en/US/products/...807968c8.shtml
 
Reply With Quote
 
TimParker
Guest
Posts: n/a
 
      12-03-2009
No, the DNS server is internal on our Network. Naturally, if it
doesn't find what it is looking for, it resolves off the internet root
servers (ISP, etc).

On Dec 2, 4:57*pm, Morph <(E-Mail Removed)> wrote:
> In the message
> <(E-Mail Removed)>
>
> TimParker wrote:
>
> | I just finally finished converting our offices over to using Cisco
> | hardware that we bought a few months back. (871 routers for the remote
> | offices and a 5505 for the main office).
> |
> | I have it configured with an outside, inside and dmz interface. Our
> | company web server and external mail server naturally live in the DMZ
> | (192.168.18.x).
> |
> | The problem is when we try and hit the website it can't seem to get
> | there. If I had entries in the hosts files on the PC with the Internal
> | address it works fine. Normally, it would resolve to the external
> | address (204.210.x.y)
> |
> | What type of rule do I need. I have tried putting one in both the DMZ
> | and inside rules sections to allow TCP-HTTP and TCP-HTTPS to the
> | server in question.
>
> If I understand correctly you are using a public DNS server and when you
> try to access your website from insind of your network, the DNS name is
> resolved to the public IP address and you can not access the page?
>
> If this is the case, then have a look at this (DNS Doctoring):http://www.cisco.com/en/US/products/...figuration_exa...


 
Reply With Quote
 
Morph
Guest
Posts: n/a
 
      12-03-2009
In the message
<(E-Mail Removed)>
TimParker wrote:
Then just create an A record for your webserver that points to the
address in the DMZ. You should do that on your DNS server.



| No, the DNS server is internal on our Network. Naturally, if it
| doesn't find what it is looking for, it resolves off the internet root
| servers (ISP, etc).
|
| On Dec 2, 4:57*pm, Morph <(E-Mail Removed)> wrote:
| > In the message
| > <(E-Mail Removed)>
| >
| > TimParker wrote:
| >
| > | I just finally finished converting our offices over to using Cisco
| > | hardware that we bought a few months back. (871 routers for the remote
| > | offices and a 5505 for the main office).
| > |
| > | I have it configured with an outside, inside and dmz interface. Our
| > | company web server and external mail server naturally live in the DMZ
| > | (192.168.18.x).
| > |
| > | The problem is when we try and hit the website it can't seem to get
| > | there. If I had entries in the hosts files on the PC with the Internal
| > | address it works fine. Normally, it would resolve to the external
| > | address (204.210.x.y)
| > |
| > | What type of rule do I need. I have tried putting one in both the DMZ
| > | and inside rules sections to allow TCP-HTTP and TCP-HTTPS to the
| > | server in question.
| >
| > If I understand correctly you are using a public DNS server and when you
| > try to access your website from insind of your network, the DNS name is
| > resolved to the public IP address and you can not access the page?
| >
| > If this is the case, then have a look at this (DNS Doctoring):http://www.cisco.com/en/US/products/...figuration_exa...

 
Reply With Quote
 
TimParker
Guest
Posts: n/a
 
      12-03-2009
Thanks Morph. I thinkI got that working this morning since printing. I
added a "zone file" to the DNS server and gave it the internal IPs.
But now I have to figure out how to
handle my remote VPN users. They hit the same DNS servers. I think
there must be something config wise that I have to add to the ASA5505.
I just had a user call in that
couldn't get to the mail or web server. I had to manually add entries
to the HOSTS file with the external/routable IPs and it works for
them.


On Dec 3, 8:47*am, Morph <(E-Mail Removed)> wrote:
> In the message
> <(E-Mail Removed)>TimParke r wrote:
>
> Then just create an A record for your webserver that points to the
> address in the DMZ. You should do that on your DNS server.
>
> | No, the DNS server is internal on our Network. Naturally, if it
> | doesn't find what it is looking for, it resolves off the internet root
> | servers (ISP, etc).
> |
> | On Dec 2, 4:57*pm, Morph <(E-Mail Removed)> wrote:
> | > In the message
> | > <(E-Mail Removed)>
> | >| > TimParker wrote:
>
> | >
> | > | I just finally finished converting our offices over to using Cisco
> | > | hardware that we bought a few months back. (871 routers for the remote
> | > | offices and a 5505 for the main office).
> | > |
> | > | I have it configured with an outside, inside and dmz interface. Our
> | > | company web server and external mail server naturally live in the DMZ
> | > | (192.168.18.x).
> | > |
> | > | The problem is when we try and hit the website it can't seem to get
> | > | there. If I had entries in the hosts files on the PC with the Internal
> | > | address it works fine. Normally, it would resolve to the external
> | > | address (204.210.x.y)
> | > |
> | > | What type of rule do I need. I have tried putting one in both the DMZ
> | > | and inside rules sections to allow TCP-HTTP and TCP-HTTPS to the
> | > | server in question.
> | >
> | > If I understand correctly you are using a public DNS server and when you
> | > try to access your website from insind of your network, the DNS name is
> | > resolved to the public IP address and you can not access the page?
> | >
> | > If this is the case, then have a look at this (DNS Doctoring):http://www.cisco.com/en/US/products/...figuration_exa...


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LCD TV resolution / DVD resolution ? slonkak DVD Video 0 11-13-2006 02:34 PM
How do you change the Modelsim Cursor Resolution (not simulation resolution) Andrew FPGA VHDL 0 09-26-2005 04:05 AM
Scanning resolution, printing resolution, and downsampling hassy_user Digital Photography 11 10-27-2004 07:18 PM
Resolution resolution Simon Digital Photography 4 02-27-2004 01:53 PM
ISO Resolution Chart and Printing Resolution Jack Yeazel Digital Photography 0 08-11-2003 11:19 PM



Advertisments