Nothing to do with allowing inbound DNS queries to your server!
If you are port forwarding from your external IP address to the DNS server then I think that you are supposed to use the keyword "interface" rather than the external IP address.
If it doesn't show up in the access list then the chances are that it isn't in there, therefore no traffic to your server!
"chris" wrote in message news: snipped-for-privacy@karoo.co.uk...
What is it used for then?
I have several IP addresses. If I use "interface" - how can the Cisco then know which IP address to use?
You are right - but why does it not show up? The policy is created in ASDM and I did an "apply" - and I still can see them in ASDM. Could it be that the Cisco does not allow it to be created because some proxy is doing the DNS job?
Because you are specifying the *internal* IP address in the static. The "interface" keyword is for when you are port forwarding from the *external* interface IP address.
i.e. if I have a web server on 192.168.10.1 and a mail server on 192.168.10.2 then I might use ..
Because traffic from the outside will be sent to the public IP, not the private one!
Maybe the IPs are wrong? Maybe the DNS server isn't set up to accept external queries? Maybe the access list isn't applied to the interface?
You really need to look at the logging on the firewall when you try external access to the DNS server. If traffic is being dropped by the ACL then you'll see that in the logs.
"chris" wrote in message news: snipped-for-privacy@karoo.co.uk...
My god, how dumb I am.... I didn't allow outgoing DNS lookup to that address from the LAN I am sitting on (another one). The Cisco config is working correctly.
Sorry for the inconvenience and thank you for trying...