ASA 5510 Loopback configuration

Not sure if loopback is the right term, but here's the scenario: small business with a 5510. External domain name is domain.com; internal AD domain is domain.local. Mail is hosted internally, with webmail having an external DNS (public) name of mail.domain.com.

When users on the outside hit mail.domain.com, it's statically set to an internal mail server and everything works fine. When users are on the internal LAN or wireless (DMZ interface) and they put in mail.domain.com, it times out instead of going out to grab the external IP of the public DNS record and coming back in. How can I configure the ASA so that the traffic flows back correctly? Please help. Thanks.


Reply to
Mike Mcintosh

Reply to
Chad Mahoney

What if I don't want to host the domain.com zone internally? We used to have a Sonicwall 2040 and it did the loopback without us having to host the public DNS record internally.

If we DO have to host the record internally, will this work for the DMZ interface as well? What's the command to point the ASA to the internal DNS? Thanks.


Reply to
Mike Mcintosh

Not sure what software version you are on, but

formatting link
explains DNS doctoring. You do not point your ASA to the internal DNS server; your clients are using the internal DNS server for name resolution. So when a client PC tries to get to mail.domain.com, the internal DNS server will return the internal IP of the host. Can you manually type the IP address into a web browser and display a web page? If so, this will work for you. Otherwise, read the link above, which explains another avenue.

Reply to
Chad Mahoney

Loopback is not the correct term. I am happy that you replaced your SonicWall device.

Do you have internal users attempting to reach an IP address which is configured on the outside interface of the Cisco ASA firewall? That will very likely not work. When you attempt to PING the outside IP address of your firewall from the inside of the network, it will fail. That is one way in which a firewall is different from a router.

Follow the suggestions given to you about pointing internal users to the internal real IP address of the e-mail server. The outside users can point to the outside IP address on the firewall and the firewall will "forward" that via "static NAT" to the real inside IP address of the e-mail server.

Reply to
Scott Perry

Thanks for the link, Chad. I just added "dns" to the end of my static NAT for both the mail and the web server, and people can now reach the internal servers via the public DNS record. However, we have a wireless connection that runs on the DMZ interface, and people there can't get to the same internal server with the public DNS records like the internal users can. Any idea? Do I have to create an access-list for DMZ to the inside? Thanks for the much appreciated help.


Reply to
Mike Mcintosh
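As an added example (editor's illustration, not configuration posted by anyone in this thread), here is how the two pieces discussed above fit together on an ASA running pre-8.3 software, which matches the "static ... dns" form Mike used: DNS doctoring on the static NAT for the mail server (Chad's suggestion), and the DMZ-to-inside access-list Mike asks about. All addresses, interface names, the DNS server location and the port list are assumptions; substitute your own.

```cisco
! Added example, not from the original thread. Assumed addressing:
!   203.0.113.10  = public IP that mail.domain.com resolves to (RFC 5737 test range)
!   192.168.1.10  = real inside IP of the mail server
!   192.168.1.5   = internal DNS server on the inside interface
!   172.16.1.0/24 = wireless network on the DMZ interface
interface Ethernet0/0
 nameif outside
 security-level 0
interface Ethernet0/1
 nameif inside
 security-level 100
interface Ethernet0/2
 nameif dmz
 security-level 50
!
! DNS doctoring: the "dns" keyword makes the ASA rewrite the A record in
! DNS replies that pass through it, returning 192.168.1.10 instead of
! 203.0.113.10 to clients behind the inside interface. Inside clients then
! connect to the server directly; no traffic has to hairpin off the outside.
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255 dns
!
! Doctoring only happens if DNS inspection is enabled. It is part of the
! default global policy; shown here so you can check it has not been removed.
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
service-policy global_policy global
!
! Traffic from dmz (level 50) to inside (level 100) is denied by default,
! so a DMZ client that receives the inside address still cannot reach it.
! Permit only the mail ports and DNS, then block the rest of the inside
! network before allowing the wireless users out to the Internet.
object-group service MAIL_TCP tcp
 port-object eq https
 port-object eq smtp
 port-object eq imap4
 port-object eq pop3
access-list DMZ_IN extended permit tcp 172.16.1.0 255.255.255.0 host 192.168.1.10 object-group MAIL_TCP
access-list DMZ_IN extended permit udp 172.16.1.0 255.255.255.0 host 192.168.1.5 eq domain
access-list DMZ_IN extended deny ip any 192.168.1.0 255.255.255.0
access-list DMZ_IN extended permit ip 172.16.1.0 255.255.255.0 any
access-group DMZ_IN in interface dmz
!
! Identity static so the mail server keeps its real address toward the DMZ
! (harmless with nat-control off, required if nat-control is enabled).
static (inside,dmz) 192.168.1.10 192.168.1.10 netmask 255.255.255.255
!
! On 8.3 and later the static line is replaced by object NAT; the "dns"
! keyword has the same meaning there:
!   object network MAIL_SERVER
!    host 192.168.1.10
!    nat (inside,outside) static 203.0.113.10 dns
```

Two checks before declaring it fixed: from a DMZ host, run nslookup for mail.domain.com and confirm which address comes back, and on the ASA use `show xlate` and `show access-list DMZ_IN` to confirm the translation and the permit hit counts. If the DMZ client still receives 203.0.113.10, the DNS reply did not traverse an interface pair where the dns-tagged static applies (for example, the inside DNS server answered from its own cache), and the cleaner fix is the one Chad first offered: host the mail.domain.com record internally so clients on both inside and DMZ get 192.168.1.10 without relying on rewriting. Keep the DMZ access-list narrow either way; opening the whole inside network to the wireless segment defeats the reason it was put on its own interface.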


Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.