IP/Name Resolution issue...

Discussion in 'Cisco' started by TimParker, Dec 2, 2009.

  1. TimParker

    TimParker Guest

    I just finally finished converting our offices over to using Cisco
    hardware that we bought a few months back. (871 routers for the remote
    offices and a 5505 for the main office).

    I have it configured with an outside, inside and dmz interface. Our
    company web server and external mail server naturally live in the DMZ
    (192.168.18.x).

    The problem is when we try and hit the website it can't seem to get
    there. If I had entries in the hosts files on the PC with the Internal
    address it works fine. Normally, it would resolve to the external
    address (204.210.x.y)

    What type of rule do I need. I have tried putting one in both the DMZ
    and inside rules sections to allow TCP-HTTP and TCP-HTTPS to the
    server in question.
     
    TimParker, Dec 2, 2009
    #1
    1. Advertising

  2. On Dec 2, 1:20 pm, TimParker <> wrote:
    > I just finally finished converting our offices over to using Cisco
    > hardware that we bought a few months back. (871 routers for the remote
    > offices and a 5505 for the main office).
    >
    > I have it configured with an outside, inside and dmz interface. Our
    > company web server and external mail server naturally live in the DMZ
    > (192.168.18.x).
    >
    > The problem is when we try and hit the website it can't seem to get
    > there. If I had entries in the hosts files on the PC with the Internal
    > address it works fine. Normally, it would resolve to the external
    > address (204.210.x.y)
    >
    > What type of rule do I need. I have tried putting one in both the DMZ
    > and inside rules sections to allow TCP-HTTP and TCP-HTTPS to the
    > server in question.



    Here's some basics - don't know if they'll work for you, as I don't
    know what your config looks like, but maybe this will help a little.


    interface Serial0/1
    ip address 204.210.x.y 255.255.x.x
    ip access-group 123 in
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat outside
    ip inspect DEFAULT100 out
    ip virtual-reassembly
    encapsulation ppp
    ip route-cache flow

    ip nat inside source static 192.168.18.x 204.210.x.y route-map rmap_1
    route-map rmap_1 permit 1

    access-list 123 permit icmp any host 204.210.x.y echo
    access-list 123 permit tcp any host 204.210.x.y eq www
    access-list 123 permit tcp any host 204.210.x.y eq smtp
    access-list 123 permit tcp any host 204.210.x.y eq 443
    access-list 123 permit tcp any host 204.210.x.y eq pop3
    access-list 123 permit tcp any host 204.210.x.y eq 143

    We'd need to se a bit more of your config for additional help.
     
    Robert Jacobs, Dec 2, 2009
    #2
    1. Advertising

  3. TimParker

    Morph Guest

    In the message
    <>
    TimParker wrote:

    | I just finally finished converting our offices over to using Cisco
    | hardware that we bought a few months back. (871 routers for the remote
    | offices and a 5505 for the main office).
    |
    | I have it configured with an outside, inside and dmz interface. Our
    | company web server and external mail server naturally live in the DMZ
    | (192.168.18.x).
    |
    | The problem is when we try and hit the website it can't seem to get
    | there. If I had entries in the hosts files on the PC with the Internal
    | address it works fine. Normally, it would resolve to the external
    | address (204.210.x.y)
    |
    | What type of rule do I need. I have tried putting one in both the DMZ
    | and inside rules sections to allow TCP-HTTP and TCP-HTTPS to the
    | server in question.

    If I understand correctly you are using a public DNS server and when you
    try to access your website from insind of your network, the DNS name is
    resolved to the public IP address and you can not access the page?

    If this is the case, then have a look at this (DNS Doctoring):
    http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968c8.shtml
     
    Morph, Dec 2, 2009
    #3
  4. TimParker

    TimParker Guest

    No, the DNS server is internal on our Network. Naturally, if it
    doesn't find what it is looking for, it resolves off the internet root
    servers (ISP, etc).

    On Dec 2, 4:57 pm, Morph <> wrote:
    > In the message
    > <>
    >
    > TimParker wrote:
    >
    > | I just finally finished converting our offices over to using Cisco
    > | hardware that we bought a few months back. (871 routers for the remote
    > | offices and a 5505 for the main office).
    > |
    > | I have it configured with an outside, inside and dmz interface. Our
    > | company web server and external mail server naturally live in the DMZ
    > | (192.168.18.x).
    > |
    > | The problem is when we try and hit the website it can't seem to get
    > | there. If I had entries in the hosts files on the PC with the Internal
    > | address it works fine. Normally, it would resolve to the external
    > | address (204.210.x.y)
    > |
    > | What type of rule do I need. I have tried putting one in both the DMZ
    > | and inside rules sections to allow TCP-HTTP and TCP-HTTPS to the
    > | server in question.
    >
    > If I understand correctly you are using a public DNS server and when you
    > try to access your website from insind of your network, the DNS name is
    > resolved to the public IP address and you can not access the page?
    >
    > If this is the case, then have a look at this (DNS Doctoring):http://www.cisco.com/en/US/products/ps6120/products_configuration_exa...
     
    TimParker, Dec 3, 2009
    #4
  5. TimParker

    Morph Guest

    In the message
    <>
    TimParker wrote:
    Then just create an A record for your webserver that points to the
    address in the DMZ. You should do that on your DNS server.



    | No, the DNS server is internal on our Network. Naturally, if it
    | doesn't find what it is looking for, it resolves off the internet root
    | servers (ISP, etc).
    |
    | On Dec 2, 4:57 pm, Morph <> wrote:
    | > In the message
    | > <>
    | >
    | > TimParker wrote:
    | >
    | > | I just finally finished converting our offices over to using Cisco
    | > | hardware that we bought a few months back. (871 routers for the remote
    | > | offices and a 5505 for the main office).
    | > |
    | > | I have it configured with an outside, inside and dmz interface. Our
    | > | company web server and external mail server naturally live in the DMZ
    | > | (192.168.18.x).
    | > |
    | > | The problem is when we try and hit the website it can't seem to get
    | > | there. If I had entries in the hosts files on the PC with the Internal
    | > | address it works fine. Normally, it would resolve to the external
    | > | address (204.210.x.y)
    | > |
    | > | What type of rule do I need. I have tried putting one in both the DMZ
    | > | and inside rules sections to allow TCP-HTTP and TCP-HTTPS to the
    | > | server in question.
    | >
    | > If I understand correctly you are using a public DNS server and when you
    | > try to access your website from insind of your network, the DNS name is
    | > resolved to the public IP address and you can not access the page?
    | >
    | > If this is the case, then have a look at this (DNS Doctoring):http://www.cisco.com/en/US/products/ps6120/products_configuration_exa...
     
    Morph, Dec 3, 2009
    #5
  6. TimParker

    TimParker Guest

    Thanks Morph. I thinkI got that working this morning since printing. I
    added a "zone file" to the DNS server and gave it the internal IPs.
    But now I have to figure out how to
    handle my remote VPN users. They hit the same DNS servers. I think
    there must be something config wise that I have to add to the ASA5505.
    I just had a user call in that
    couldn't get to the mail or web server. I had to manually add entries
    to the HOSTS file with the external/routable IPs and it works for
    them.


    On Dec 3, 8:47 am, Morph <> wrote:
    > In the message
    > <>TimParker wrote:
    >
    > Then just create an A record for your webserver that points to the
    > address in the DMZ. You should do that on your DNS server.
    >
    > | No, the DNS server is internal on our Network. Naturally, if it
    > | doesn't find what it is looking for, it resolves off the internet root
    > | servers (ISP, etc).
    > |
    > | On Dec 2, 4:57 pm, Morph <> wrote:
    > | > In the message
    > | > <>
    > | >| > TimParker wrote:
    >
    > | >
    > | > | I just finally finished converting our offices over to using Cisco
    > | > | hardware that we bought a few months back. (871 routers for the remote
    > | > | offices and a 5505 for the main office).
    > | > |
    > | > | I have it configured with an outside, inside and dmz interface. Our
    > | > | company web server and external mail server naturally live in the DMZ
    > | > | (192.168.18.x).
    > | > |
    > | > | The problem is when we try and hit the website it can't seem to get
    > | > | there. If I had entries in the hosts files on the PC with the Internal
    > | > | address it works fine. Normally, it would resolve to the external
    > | > | address (204.210.x.y)
    > | > |
    > | > | What type of rule do I need. I have tried putting one in both the DMZ
    > | > | and inside rules sections to allow TCP-HTTP and TCP-HTTPS to the
    > | > | server in question.
    > | >
    > | > If I understand correctly you are using a public DNS server and when you
    > | > try to access your website from insind of your network, the DNS name is
    > | > resolved to the public IP address and you can not access the page?
    > | >
    > | > If this is the case, then have a look at this (DNS Doctoring):http://www.cisco.com/en/US/products/ps6120/products_configuration_exa...
     
    TimParker, Dec 3, 2009
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jack Yeazel

    ISO Resolution Chart and Printing Resolution

    Jack Yeazel, Aug 12, 2003, in forum: Digital Photography
    Replies:
    0
    Views:
    3,367
    Jack Yeazel
    Aug 12, 2003
  2. Simon

    Resolution resolution

    Simon, Feb 26, 2004, in forum: Digital Photography
    Replies:
    4
    Views:
    486
    Simon
    Feb 27, 2004
  3. slonkak

    LCD TV resolution / DVD resolution ?

    slonkak, Nov 13, 2006, in forum: DVD Video
    Replies:
    0
    Views:
    1,209
    slonkak
    Nov 13, 2006
  4. hassy_user
    Replies:
    11
    Views:
    807
    Bart van der Wolf
    Oct 27, 2004
  5. HS Crow
    Replies:
    11
    Views:
    757
    HS Crow
    Sep 23, 2005
Loading...

Share This Page