The problem area is the inspect dns entry. Policy-map type inspect dns preset_dns_map The issue is tied into the inspection policies in this part of the configuration: Once I had this error message I did a search for this text. The Packet Tracer showed the DNS packet was dropped and the error message was 'inspect-invalid-dns-pak'. I decided to run the Packet Tracer utility against DNS on the inside interface. I have the same-security-traffic permit inter-interface and intra-interface commands in the ASA. Hopefully someone has configured this kind of setup before and will be able to give me an idea of what I am missing. I have attached a diagram of the network. I am running version 7.2 of the ASA software. I have been working on this for a number of weeks, performing searches on CCO, scanning this Forum and the web, and I cannot find an explanation for what is going on. I am aware of NAT exemption and I think I have properly configured it. Any HTTP requests to servers on the 192.168.1.x subnet time out using either IP address or DNS names. Even though there are two internal DNS servers defined. Nslookup only looks at the external DNS server (208.67.220.220) for name resolution requests. I can ping my internal DNS server with an IP address, but cannot ping it or any other internal clients by name. However, DNS and HTTP connections internally do not work. For example, a client with an IP address of 192.168.2.59 can access the internet. What is odd about this is that clients on any of the other internal networks can access the internet via a web browser. The ASA5505 has an internal IP of 192.168.1.1 and is being assigned an external IP via DHCP from the ISP. I have set up RIP between the ASA and the 1760; the ASA is properly feeding a default route to the 1760. It is connected to a Cisco 1760 router with multiple internal networks.