Cisco Firewall :: ASA 5520 - Unable To Resolve External Hostname Internally
Jul 1, 2012
I am working on adding a mapping to our external address for our mail server - let's call it mail.example.com
I would like to be able to access mail.example.com internally for our user's smartphones - if they access our company WiFi they are not able to get mail using the mail.example.com as the server name in their phone setups. However, once they leave the office and use any other WiFi it works fine. Also, I am unable to ping that address from any internal device. I believe also this is the reason Exchange accounts do not work on our site to site VPN connections.
I have a ASA 5520 and work primarily in the ASDM 6.4 to do configurations in the main office and have 5510 in our site to site connections.
View 6 Replies
ADVERTISEMENT
Dec 13, 2012
This is Cisco Prime LMS 4.2.2 on Windows 2008 R2
As far as I understand it Fault Manager need to be able to do reverse lookup for ip adresses to show the correct name in the "device name" column. I have double and tripple checked and all devices that only is shown as an ip address do have a reverse in the dns used by the LMS server. The device is correctly registered and inventory have been run. If I hold the mouse pointer over the crosshair on the row of the offending device all info is shown including correct device name and fqdn.
The server is upgraded from 4.2.1 to 4.2.2 and we have the same problem before the upgrade.
View 2 Replies
View Related
Jul 21, 2011
I am having issue with my network as my router won't resolve most of the hostname of the network, I have 30 devices on my network, and only 4 names are displayed on the available local host. It makes it very difficult to identify the devices on the network.
View 3 Replies
View Related
Feb 4, 2013
How to configure ASA 5520 to resolve names in ASA's. We are currently using ASDM to configure network objects with the hostnames in the internet and then specifying the IP address . But this is done manually. Is there a different way of setting it up on ASA. Also when getting reports from ASA, we see the IP's but is there a way that we could add an identity to the IP's (reverse lookup)
View 1 Replies
View Related
Sep 17, 2012
Accessing exteral address internally.
I have a mail server, with external access which works fine for external access thorugh our router (a 1941). I have a laptop which connects to a wireless network that is inside our router. When attempting to navigate to the webmail or use outlook, it cannot connect.
The laptop is configured to access the mail through the external path as it would be offsite occasionally.
I think the problem seems to be that the traffic is not leaving the router to come back internally. The laptop can ping the external address ok.
I read about something called hairpinning - is this what i need to be looking at?
View 3 Replies
View Related
May 10, 2012
i got an ea2700 and i cant get the external to work internally which i need for server tests now this has worked before on every other router i had without any editing done but this one doest allow that so what can i do to make it work with this router?
View 9 Replies
View Related
Jan 7, 2013
I am able to access ASA via hostname but with IP address it does not work.Need to know what config i need to put so i am able to access it using IP by ssh and ASDM? ASA is 5520 version is 8
View 12 Replies
View Related
Jun 3, 2012
I have a 2800 with one Gigabit interface connection to our Lan and the other interface connected to the internet with a public IP address. Now I'd like to setup the router to resolve both internal and external DNS requests. Thus requests like www.google.co.za and LocalLanPcName should be resolved to their public and private IP's respectively. [code] When I ping any name the only DNS server that is ever queried is 192.168.1.200 (it does resolve internal name correctly though).
None of the other servers are attempted to resolve the name. It does not matter if I specify a FQDN or not.
How do I setup the router so that my internal resolution is handled by 192.168.1.200 and .201, while external resolution is handled by 41.160.36 and .37. Or alternatively, how do I configure it to at least try all 4 specified name-servers for resolution, and not fail after trying the first one unsuccessfully.
View 9 Replies
View Related
Jun 23, 2011
I am unfortately the only IT staff now for 100 - 150 users in my organization besides a consultant who doesn't have an answer for this issue even though he sold us the hardware and environment. While I realize that this version of the Cisco VPN doesn't support Windows 7, we do have some Windows 7 PC's that have the software and work perfectly fine upon install. In this case, I am at a remote location with both a Windows XP SP3 and Windows 7 SP1 computer. Both have the same Cisco client installed and connect to our ASA5520. I cannot get DNS resolution out of this computer to any remote network resources or other domains such as cnn.com including localhost. Adding the entries manually in the hosts file does nothing and I even tried removing the VPN client, the network connections and components and even a manual winsock reset. I cannot resolve internet DNS but can ping all internal IP addresses. The Windows XP computer across from me has no issues. I am not going to update any VPN clients as we still don't have computers who are functional so I need to spend money where it counts before I upgrade computers and I cannot perform a downgrade on this model because the previous person who bought it didn't bother to check Windows XP compatibility before they installed them in 10+ communities.
Here's my IP config - FYI all works well when not connected to the VPN for general web domains.
C:UsersAdministrator>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : GHN-Green-S01 Primary Dns Suffix . . . . . . . :
[Code].....
View 2 Replies
View Related
Dec 8, 2012
I have an ASA 5520 with a DMZ with private addresses that I SNAT to my outside network. From inside the DMZ I can reach servers by both the internal private IP and the public IP, except if the IP is from the server trying to connect. So, say I have server1 and server2. I can connect from server1 to server 2 with both public and private, but can't connect from server1 to server1' using the public IP. ASA logs show that packets are being denied due to land attack. DNS doctoring is not an option for me.
View 1 Replies
View Related
Jun 14, 2011
I have installed quite recently a cisco ASA 5520 replacing a linux based firewall I have only 2 zones ..one is internal netowrk and other external the internal network has web servers, dns and mail server all having public IPs Every thing is OK but i have seen that if I try to ping an external server for example [URL] i cannot ping says
[sylvan@kmdns1 ~]$ ping www.yahoo.com
PING eu-fp.wa1.b.yahoo.com (87.248.112.181) 56(84) bytes of data.
--- eu-fp.wa1.b.yahoo.com ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5010ms
but I can ping from systems which are outside my firewall perfectly with the linux firewall i had before i could ping perfectly to yahoo from any of my internal servers?
View 5 Replies
View Related
Apr 23, 2012
My laptop is connected to a router via wifi but it keeps getting a DNS fault. I have another PC linked to the same router via WiFi and that works perfectly all the time. I have the same problem on both google chrome and IE browsers where I just get the message telling me that the DNS look up failed. My internet is still connected as I can dial into my remote CCTV cameras and I can ping website ip addresses. Most times I can just turn off my wireless adapter and turn it back on and it works for another hour or so. But sometimes it wont work all day, unless I start my laptop in safe mode, when it works everytime! I have flushed the DNS cache several times but to no avail.
View 5 Replies
View Related
Feb 8, 2012
My company recently purchased a custom domain name through In Motion Hosting (inmotionhosting.com) which has worked great up until today. As of this morning we are not able to view our webpage online (ronnysinc.com) or any inmotionhosting pages including our email accounts. However, we can view any other website and computers outside of our network seem to be able to view those pages without any problem. [code] As you can see it works fine with any other website such as google. My initial thought was it was being blocked by our firewall but when I log into the router I do not see any firewall settings that would create this block. I also tried resetting the router and flushing the DNS with no success.
View 5 Replies
View Related
Mar 27, 2011
I am using the Cisco VPN Client 5.0.06.0160 - and am having an issue connecting to my ASA 5510 via VPN. This issue is happening on 1 of our laptops. All other laptops connect just fine. So the problem is not in the ASA. I have double checked the client setup and config and it too is correct. The interesting thing is, we are connecting to an IP Address and not a host name.
View 1 Replies
View Related
Apr 12, 2012
I am running a webserver locally and I am unable to resolve it by domain name (e.g. mydomain.com) when I am inside my network. However, I am able to hit it internally (e.g. 192.168.0.10) just fine. When I try to access mydomain.com from inside my network it comes up with my Actiontec router's admin page on 192.168.1.1.Here is my configuration:Actiontec FIOS router 192.168.1.1 (connected to internet)DHCP disabled Netgear Router 192.168.1.2 is in the DMZHas cable running from Actiontec's LAN port to Netgear's WAN port[CODE]
View 7 Replies
View Related
Jan 15, 2012
I have been trying to connect to the Internet via a wireless connection but keep receiving the above error. None of the Windows solutions resolve the problem. On Google Chrome I see a screen saying 'This web page is not available', and receive 'Error 105: Unable to resolve the server's DNS address'. I cannot access Internet Explorer either.The strange this is that this problem only seems to occur with some wireless networks, as I can connect fine at home. In certain places, however, I am told that I am connected but that accss is 'Local Only', and I cannot open any browsers. I need the problem resolved as soon as possible as I cannot access the internet where I need it most.
View -1 Replies
View Related
Feb 8, 2013
Error 105 (net::ERR_NAME_NOT_RESOLVED): Unable to resolve the server's DNS address.
View 1 Replies
View Related
Mar 15, 2011
Will I break anything if I create a second IP address on the physical external interface of our ASA 5510? I want to point it nowhere internally but want an active interface that can be vulnerability scanned but won't lead anywhere internally.
View 9 Replies
View Related
Jul 4, 2012
I am unable to login to switch c3560 through Hostname but able to login through IP address. when i am putting the command : login authentication telnetpwd
getting the below message:
AAA: Warning authentication list "telnetpwd" is not defined for LOGIN.
View 5 Replies
View Related
Jan 1, 2013
I have a Cisco 1721 router with an ADSL wic. I have followed guides on the Cisco website so that I can connect the router to my home adsl connection. The router connects to my broadband provider and sucesfully obtains an IP address along with Dynamically assigned DNS servers. I am able to ping google.co.uk from the router but not from clients attached via DHCP.
I have noticed that if I ping the IP address of google.co.uk from a client it resolves but it will not resolve the name. This would lead me to believe that the problem lies with DNS resolution/forwarding but I do not know how to investigate further.
View 3 Replies
View Related
Nov 28, 2011
I have a issue that i am at a loss as how to solve it. I have an ASA 5505 as my firewall. I have users from other companies who visit from time to time and are unable to use their outlook email to send messages. They can however receive messages without a problem. I also have a situation where users who use windows live to access gmail are unable to send messages.
I have narrowed it down to the fact that these uses are using ssl/tls to send the mails. I did some research and found out about the inspect esmtp setting in the ASA. I have disabled it and i still have to problem. I have also removed all outbound deny statements and still no luck.
Of note is that i can send emails without attachments. They take a long time to go out ( from minutes to hours) but eventually they do. Emails with attachments of even 10k do not go at all.
I was running image 8.2.3 and i downgraded to 8.0.5...still did not work...i upgraded to 8.4.3...still did not work. I am now back at 8.2.3.
My Firewall config is attached. I am at my wits end as to what else to try. The company has not renewed support for the device so i am on my own here!
View 2 Replies
View Related
Dec 27, 2011
I'm connected through the router, a few times a day I cannot open web pages, getting error: Error 105 (net::ERR_NAME_NOT_RESOLVED): Unable to resolve the server's DNS address.Skype continues to work. Here are the results of pinging:
Quote:
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:UsersSri Guru>ipconfig /all[code]....
One technician said that this is the providers problem, but I don't think so. When I restart the modem everything works.I have a Netgear WGR614 v9 router.I use ESET 5 security. Btw, connection drops on all computers connected through the router, so it's not my firewall.
View 3 Replies
View Related
Feb 8, 2012
I am unable to ssh to the cisco firewall from outside. Though when i telnet on port 22, [code] When i do a putty session i get a blank screen.
View 9 Replies
View Related
Mar 26, 2013
As part of our PCI compliance, we were required to add a line to all of our ACLs in our ASA 5520 running version 8.2(3). Though there is an implicit deny all, we had to add a line to deny from any source to any destination.We had no problems in adding the additional deny all statements except for our NAT access-list. This NAT access list is used for our internet connection.Currently, the NAT ACL has 4 entries to permit from a specified source to destination any. This ACL is then called on our NAT statement.nat (inside) 1 access-list NAT,Also, note that NAT control is in place and we also have NAT zero statements for our VPN connections.So to fulfill our requirements, we just had to add another line to our ACL entries. But we encountered an issue with our NAT acl.
View 10 Replies
View Related
May 14, 2012
I have a 5505 that currently has inside/outside interfaces and everything is working just fine. I am trying to create a DMZ that will essentially be just for vendors/guests. the DMZ will have full access to the outside (Internet) but no access to the inside. I am using the FW for DHCP, and 8.8.8.8 and 4.2.2.2 for DNS. I currently have 1 laptop in the DMZ vlan, and it is getting a correct IP, and it is showing 8.8.8.8 and 4.2.2.2 in ipconfig. I can ping/tracert 8.8.8.8/ 4.2. 2.2/74.125.137.147(what url... resolved to on a laptop connected to the inside vlan), but I cannot ping nor browse to url.... [code]
View 1 Replies
View Related
Aug 16, 2011
I was trying to upgrade from 8.3.1 to 8.3.2. but I am unable to copy via tftp to the ASA flash or disk0:
ASA5520# copy tftp: flash:
Address or name of remote host []? 10.88.127.153
Source filename []? asa831-k8.bin
Destination filename [asa831-k8.bin]?
[code]....
Half way thru writing to the disk, it goes for a reboot. There is more than enought space on the disk0. I tried copying via a Compact Flash, but the ASA is not detecting the Compact Flash (which I thinks should be disk1). I tried copying a asdm file, even that also went for a reboot.I am stuck now, unable to upgrade
View 12 Replies
View Related
Aug 6, 2012
is there any way to apply hostname or object network in the syntax? The command gives the option to use hostname or A.B.C.D but doesn't accept the hostname PIX1(config)# filter url except 0.0.0.0 0.0.0.0 ?configure mode commands/options: Hostname or A.B.C.D The address of foreign/external host which is destination for connections requiring filtering Can an FQDN be used as a foreign/external host?
View 3 Replies
View Related
May 9, 2013
my 1841 router can't resolve dns after enable ios firewall, I try to ping google.com from router's console fail, but dns resolution is fine from lan side.
my partial config---------------------------------
!
ip name-server 8.8.8.8
[Code].....
View 10 Replies
View Related
Jul 26, 2011
I am unable to ping inside interface (Rin) to outside interface (Rout) of my Cisco ASA 5520 runing on ASA Version 8.4(1).
ASA Version 8.4(1)
!
hostname FW5520
[Code].....
View 10 Replies
View Related
May 2, 2012
How I can allow dmz zone server to resolve only dns query through nslookup on ASA 5540? What is the configuration required on ASA 5540 ?
View 13 Replies
View Related
Jul 7, 2011
I have connected an ASA 5505 to an ADSL router that is able to assign the IP address and the also the DNS servers for the ISP for the outside interface. The ASA is loaded up with IOS "asa842-k8.bin"
I am using vpnclient with a hostname as oppose to an IP address to connect to a headend remote server. If I hardcode the DNS servers IPs in the "dns server-group DefaultDNS" I am able to resolve the hostname. If I then remove the IPs from the group and rely on the dhcp to assign them, when I try to resolve the name I have an error at the console "ERROR: % Invalid Hostname"
View 2 Replies
View Related
Aug 30, 2011
I have two hosts behind an ASA on a private network. Both hosts are NAT'ed (each has a unique public IP). I need Host A to be able to talk to Host B through their respective external IP's.
View 5 Replies
View Related
Jun 27, 2011
I have set up a remote access ipsec vpn on an asa 5520. I can connect, and ping internal ip addresses, however I cannot ping back out to the internet, nor can the internal network ping the vpn clients and dns resolution internal or external does not work. I am seeing nothing blocked in the logs on the asa.
View 3 Replies
View Related
