- DNS query to internal DNS server from static NAT host
- Posted by none on April 24th, 2006
I had my workstation set up on a static NAT address with the following ...
static (inside,outside) 1.2.3.4 10.16.61.247 netmask 255.255.255.255
and the following ACL applied to the outside interface ...
access-list outside_access_in extended permit tcp any host 1.2.3.4 eq 3389
under PIX 7.0 software - with this in place my workstation can't do a
DNS lookup using an internal DNS server.
What do I need to make this work? I have a very similar setup in PIX 6.3
working.
TIA
- Posted by info@blueconsole.com on April 24th, 2006
You weren't very clear here as to whether your workstation and DNS
server are on the Inside or Outside.
Also note that although there is an explicit PERMIT from a higher
security interface (Inside) to lower security (Outside), if you have
any ACL applied inbound on the Inside then that explicit PERMIT is
gone. You have to allow the DNS (UDP 53) in your ACL.
http://www.cisco.com/univercd/cc/td/....htm#wp1043290
Steve Griffin
www.blueconsole.com (Bluetooth Wireless Console Cable)
- Posted by none on April 24th, 2006
On Sun, 23 Apr 2006 18:24:09 -0700, info wrote:
DNS and workstation are both inside - and a "permit ip any any" ACL is
applied in to the inside interface.
- Posted by none on April 24th, 2006
On Sun, 23 Apr 2006 21:04:04 -0400, none wrote:
Found the fix ...
Needed this instead
static (inside,outside) tcp 1.2.3.4 3389 10.16.61.247 3389 netmask 255.255.255.255
Thanks!
- Posted by rave on April 24th, 2006
This cannot be the fix. What you are doing here is port redirection;
earlier you were mapping a one-to-one IP.
This cannot be the fix, you are missing something here.
- Posted by none on April 25th, 2006
On Mon, 24 Apr 2006 15:52:53 -0700, rave wrote:
Thanks for making me think harder on why it worked ...
Yes it resolved my problem but I actually originally misdiagnosed the
problem, as it looked like a DNS issue because that's the error I got back
from my browser (stupid Micro$oft browser!) - actually the DNS lookup was
working - it was the return of the web page to my desktop that was not
being allowed to come back because the only inbound port open was
3389.
PAT is actually what I wanted to do - I'm not sure how I got the original
statement - I must have been half asleep while doing the configuration
yesterday.
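For reference, here is the PIX 7.0 fragment the thread converges on, written out as an added example rather than configuration quoted from any poster: the one-to-one static the original post started with (commented out), the static PAT from the fix, the outside ACL with the access-group that binds it, and an inside ACL that carries the UDP 53 permit Steve mentions. The nat/global pair for general outbound traffic, the inside ACL name, and the internal DNS server address 10.16.61.53 are assumptions; the thread does not give them.

```text
! --- Original post: one-to-one static. Every inbound packet for 1.2.3.4
!     is translated to the workstation and then evaluated against
!     outside_access_in, which only permits TCP 3389.
! static (inside,outside) 1.2.3.4 10.16.61.247 netmask 255.255.255.255

! --- The fix: static PAT (port redirection). Only TCP 3389 on 1.2.3.4 is
!     mapped to the workstation; no other port on that address is exposed.
static (inside,outside) tcp 1.2.3.4 3389 10.16.61.247 3389 netmask 255.255.255.255

! --- Dynamic translation for other outbound traffic (assumed; not in thread)
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface

! --- Inbound on the outside interface: RDP to the published address only
access-list outside_access_in extended permit tcp any host 1.2.3.4 eq 3389
access-group outside_access_in in interface outside

! --- Inbound on the inside interface. As soon as any ACL is bound here the
!     implicit inside->outside permit is gone (Steve's point), so DNS to the
!     internal server has to be listed. 10.16.61.53 is a constructed
!     placeholder for the DNS server. The thread's own inside ACL was a
!     plain "permit ip any any", which already covers DNS; the explicit
!     UDP 53 line only starts to matter once that catch-all is removed.
access-list inside_access_in extended permit udp 10.16.61.0 255.255.255.0 host 10.16.61.53 eq domain
access-list inside_access_in extended permit ip any any
access-group inside_access_in in interface inside
```

From an exposure standpoint the static PAT is the tighter of the two mappings: with the one-to-one static, the only thing standing between the Internet and every port on 10.16.61.247 is the outside ACL, whereas with the PAT the translation itself reaches only port 3389 and the ACL is a second gate in front of it. Checking the effect with show xlate and show conn after a test connection is a quick way to confirm which translation is actually in use.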