Using External DNS Inside LAN?

Apr 19, 2012

I think the subject gives a good first impression of what I'd like to achieve.Anyway i'll give a little more context.I'm running a Windows Home Server in my LAN and I would like to use it's functionalities (especially the streaming) features from "anywhere" using the same URL.My is a Linksys WRT160Nv3 running on the DD-WRT v24-sp2 firmware.I've already setup the necessary port forwardings, as most of the WHS sites run on ports 80 (http) and/or 443 (https) and my isp is blocking all ports < 1024 (I know it suck, but nothing to do about)Anyway, outside my network (friends home, work, ...) I can access my home server browsing to :// or I want is that this (external) DNS also works when i'm inside my network (so when I'm at home).

Is this possible?I want this because on the home page of the WHS web interface, I have some links (for example to sabnzb, or the webpage of my raid controller, etc etc, but they all point to url's (with the external dns) are not working when i'm inside my lan.I'm not an export but i'm quite sure it's a DNS issue.Some more info:When i do an nslookup I see the (external) static IP that has been assigned to my router.When I do a ping to I also get a reply from the (external) static ip that has been assigned to my router.

View 3 Replies


Cisco WAN :: ASA 8.4 Can't Ping External Hosts From Inside

Jun 9, 2011

DNS resolution works and I can surf the web without fail.  But if I try to ping any external hosts (I can ping inside interface of ASA fine) from the LAN I get timeouts.  I can ping anything from the ASA without fail.

ASA Version 8.4(1)
hostname fw1-nat-ann
enable password anWLNen9CTFp7B/X encrypted
passwd 2KFQnbNIdI.2KYOU encrypted

View 1 Replies View Related

Cisco Firewall :: ASA 8.4 NAT On Outside And Inside For Certain External Hosts?

Nov 21, 2012

ASA is running 8.4.
Internal interface:
External interface:
Routing to via internal host.I've got some static NATs, e.g:
object network obj-
nat (inside,outside) static obj-
 object network obj-
nat (inside,outside) static obj-
 I also want in internal NAT, but only for certain external hosts, so when they connect to any of the above, their source address is changed. I've attempted the following so an external host (, has it's source changed to
nat (outside,inside) source static obj- obj-
But it's source remains unchanged.What am I missing?

View 3 Replies View Related

Cisco Application :: CSS11503 / Make NAT From Inside Addresses And Translate Into One External IP Address?

Dec 8, 2011

I know the CSS is too old but I have one in production environment and I was asked if it is possible to CSS to make NAT from inside addresses and translate them into one external IP address to diferent kind of communications, for example: and (inside addresses) should start connection to external IP addresses destinations / / and so on, the default gateway to those Servers is the CSS and I would like to know if it is possible that all connection to external world to be translate into one IP address
My CSS is 11503
Version: sg0810106

View 2 Replies View Related

Cisco Switching/Routing :: 5520 To Redirect An External Address To An Inside Server

Mar 21, 2012

I am desperate to make some kind of translation which convert an outside IP Address of our web server to its inside ip address so that requests can be routed internally to the server.
This is what we have:  A wireless network with an SSID to serve visitors.  We also have an in-house web server which can be accessed internally and externally.  We have a ASA 5520 that protects the internal network, including the Web server, and also routes all traffic from the all visitors connected to the public SSID to the outside.  The DHCP server for the wireless network for visitors is configured to give the as dns server.  The problem with that is that the is resolved by Google's dns server to the public IP Address of our web server!  The traffic then is sent to the outside interface of the ASA 5520.  The visitor who wants to access our web server cannot connect!
How can I configure the ASA to route that traffic to our web server with the public ip address to the inside ip address of the web server?

View 2 Replies View Related

Cisco WAN :: Save DHCP Table Inside Of External Flash In 2801 Router

Dec 3, 2012

how to storage the DHCP IP table in a external flash of a router. This is because the router is switched off and switched on everyday but I want that it remembers which MAC is associated with which IP when it starts again and avoid IP duplicate problems. The command "lease" doesn't seem useful here.

View 4 Replies View Related

Cisco WAN :: 2811 - Cannot Ping Inside Global IP From Inside Network

Dec 18, 2010

I have 2 questions.Om my cisco 2811 (IOS 12.4(15) T9 IPBASE W/O Crypto) i am using 3 interfaces.And i have a pool of Global addresses: 200.x.z.97-200.x.z.126
FastEthernet 0/1 description WAN interfaceip nat outsideip address 200.x.y.253
GigabitInterface 0/2/0description DMZ interfaceip nat insideip address
GigabitInterface 0/3/0description LAN interfaceip nat insideip address

View 8 Replies View Related

Cisco WAN :: NAT Inside-to-inside (hairpinning) With NVI On 887VA?

Nov 25, 2011

I'm trying to configure hairpinning on my Cisco 887VA VDSL router, so all LAN users can connect to the server using SMTP port 25 which is also in the same LAN subnet, using external router address, which is assigned to dialer1 interface.Traffic comming in from outside works fine.
External IP:
PC address connecting to the server:
Server address:
IOS: 15.1.4M1


I'm running tcpdump on the server on port 25 and... nothing happens. The traffic is not going through.One thing that I've notices in debug ip packet is this line:

s= (Vlan1), d= (Vlan1), len 52, rcvd local pkt

shouldn't source be internal vlan1 IP -

View 3 Replies View Related

Cisco :: IPS Inside Or Outside FW?

Apr 4, 2011

Been reading up on IPSs some and some sources say the IPS goes inside the FW some say it goes outside. I know the inside is easier to tune and more secure, what are ya'll's oppenions on where it should go and why? (I will say most of them say IPSs on the inside and outside, but I figure that's something of a marketing ploy)I kinda like inside the FW to keep it a bit more safe and to avoid the stuff the FW will kill by default that's out gunking up the internet.

View 5 Replies View Related

Cisco :: (Duplicate TCP SYN From Inside)

Nov 8, 2011

I'm seeing a TON of traffic in my ASA logs (via ASDM) indicating the following:"Duplicate TCP SYN from inside: (valid internal address of one of our laptops)/50164 to inside: (address on our other subnet, still trying to trace it)/9100 with different initial sequence number"This looks like an attack to me, likely someone's downloaded something they shouldn't have and got an infected laptop. Why it's trying to "call home" to something inside our network is what puzzles me, though.Is there any VALID reason I would see these sort of messages in my log?

View 3 Replies View Related

Cisco :: ASA 8.4(1) Changing Inside To Outside IP

Mar 10, 2011

My exchange server should have an outside interface ending in .82 which is one of public IP's assigned to it.Inside -> Outside x.x.x.82 How can I configure this in ASA 8.4(1)?

View 3 Replies View Related

Cisco :: Can't Telnet From Inside To 891

Jan 26, 2012

I have a 891 router I have been testing some things on. I have been able to successfully telnet to it in the past with no problems. Just yesterday I was trying to set an interface to have an IP of which I realized was an IP I had forgot to exlcude from DHCP and it was handed out to the computer I was using to telnet in. So I wrote in the exlcude commands and did an ipconfig -release ipconfig -renew on my PC that had the IP. After the renew I was given (put in a few more excludes).However the release dropped my telnet connection and afterwards I was completely unable to telnet in, getting the error that says I cannot open the connection on port 23. I had made some changes to my entire config beforehand which had it switch to use a new public IP. I never saved the changes and did a hard reset by unplugging the router to get my old config back and see if I could telnet after that. Still could not get in, same error. Well I went through and remade my entire config to use the new public IP. My PC can access the internet, DNS, ping the router, all just fine. Still can't telnet. I remade my line/vty config and made sure it matched up with a config I had on another router. Still can't telnet. Last thing I did was go in and manually clear all open line connections. All that is left is an idle 0 con 0 line that it wont let me close. Still can't telnet.What the **** is going on with this thing? I am completely at a loss to explain why I cant telnet. It must be something in my ACLs that I am missing?

View 2 Replies View Related

Cisco Firewall :: PIX 525 - Inside / Outside IP Same?

Feb 21, 2013

I have inherited a PIX 525 environment and I need to document a lot of stuff to catch-up on what is going on.  I was gathering IP address information and ran "show interface outside" and "show interface inside" and noticed the same IP assigned to both.  I checked the MAC address and they are different.  This IP is also listed as the Management IP.  So I am sort of confused.  What condition would warrant both the inside interface and outside interface along with the Management IP having the same IP?
The PIX and the hosts it comms it monitors do live in a VLAN controlled by a Brocade switch which also is our gateway out.

View 5 Replies View Related

Cisco :: Accessing Inside PAT From DMZ Network?

Aug 3, 2011

Setup as follows:

Cisco ASA 5510

I have an internal server that is PAT to to allow RDP connections. - This works fine from the internet.I have now been asked to allow our guest wireless ( - DMZ) to access this same external connection.We have 2 cisco controllers, with the guest controller "anchored" in the DMZ.I cannot get this to work.Both the DMZ and inside NAT their internet connections to

View 4 Replies View Related

Transferring Files Inside An Network

Feb 8, 2013

I want to transfer big fiiles from PC to another PC, and it has happened frequently, I was wondering is there any way that I can send them directly with high speed if they are connected to the same router (my Router),I got an Desktop with Windows 8 64bit.The target PC (to transfer files) Laptop Windows 7

View 2 Replies View Related

Cisco :: Can't Ping From Inside To Outside Host?

Jul 6, 2011

configure my Cisco ASA5510 (asa version 8.3.1) so that one of the host (e.g. behind management interface can ping to the other host (e.g. behind OUTSIDEinterface. I tried modifying the ACLs, NATs and ICMP statement, but still failed[CODE]

View 19 Replies View Related

Cisco Firewall :: ASA5510 Cannot Seem To Get From Inside To Outside

Oct 20, 2011

I have a ASA 5510 with asa8.4(2) and asdm6.4(5)205.  Have a new basic config, nothing special at this time.  I just cannot seem to get from the inside to the outside.  From the outside interface I can ping, so I have a good Internet connection. [code]

View 3 Replies View Related

Cisco WAN :: 1811 - Use Global Ip Inside LAN?

Oct 19, 2011

i have cisco router 1811 , i make port forwarding for my mail server , so from outside i can access to the mail server via my mobile but inside lan i cannot because i use my global ip address at my mobile config .

View 12 Replies View Related

Cisco WAN :: ASA5590 - How To Allow Access From DMZ To Inside

Mar 7, 2011

configuration of my ASA 5590 i am trying to give access to tcp ports 50,000 to 60,000 from DMZ to Inside interface

View 2 Replies View Related

Cisco Firewall :: ASA 5550 Two ACL From Outside To Inside

May 13, 2011

I have  ASA5550 ruuning Version 8.3(1) with inside and outside interfaces as below [code] On the inside : I have a server ( that need to be accessed from an outside host (Y.Y.131.34) , so I have the below NAT/ACL  rules. [code] is it right that I have to add two ACL entry for outside host to the NATed IP of the inside server , then again add another ACL entry from the same outside host to the private IP of my inside server o get this communication done?

View 7 Replies View Related

Certain Sites Blocked From Inside Wnr3500

Jun 1, 2011

I have a Netgear wnr3500 for my home network. I have certain sites blocked from inside it, for instance.I even blocked it by exact url. Still gets through then blocked and it was immediately Netgear blocked.It seems this site is fooling my router.

View 3 Replies View Related

Cisco VPN :: 5505 SSL VPN Works From Inside But Not Outside

Sep 20, 2012

I'm setting up a VPN in order to share files between two locations. I'm not sure it's the best solution, but he insists on using his Cisco ASA 5505 Firewall via a clientless VPN. His set-up is a simple residential cable modem (Motorola SurfBoard/TimeWarner) set in DMZ mode, the Cisco ASA, and an Ubuntu server.
The Clientless VPN is set up, as are the user groups, and bookmarks. I'm able to browse to the firewall's internal interface IP ( and log in to the Clientless VPN portal, and from there, I can access all of the plug-ins I've configured (CIFS, VNC, etc). The problem is that I cannot connect from outside the local area network.
I think it's something very basic that I'm missing, like a NAT rule. I've tried adding some, but they always seem to interfer with the NAT rule allowing users to connect, via the internet, to the Apache web server (port 80) running on the Ubuntu machine behind the ASA Firewall.
Like I said, I'm not sure this is the best solution for him. Using an ASA seems like overkill for something that can be accomplished with some software, but he and I are both fans of Cisco, and, as I said, he is adament about using this set-up. If it comes down to it, I'd like to be able to honestly tell him that I exhausted every resource in trying to find a way to make this work for him before giving up and going to "Plan B".

View 2 Replies View Related

Cisco WAN :: 2811 QoS For IPSec VPN And Inside VPN

Jan 23, 2011

We have a remote office that needs to be connected to the central office through a site to site ipsec VPN.At the central site there is a 2811, and at the remote site there is 1841.Most of the traffic will be VoIP traffic and small amounts of data.
I need to setup some QoS that would firstly prefer the VPN traffic over internet access and then inside the VPN I need some QoS that will preffer VoIP over data.

View 1 Replies View Related

Cisco Firewall :: DMZ To Inside On ASA 5510

May 9, 2011

I have deployed a read only domain controller in our DMZ as part of a domain-related project.  That machine needs to be able to reach domain controllers on our internal network.  To do so, it should traverse our ASA 5510, going from the DMZ Interface (security level set to 60) to the Inside Interface (security level set to 99).
I've created an ACL as following (alerting hostnames in the example):
access-list dmz_access_in extended permit ip host dmz.rodc.domain.local object-group int-domain-controllers
I've read in various spots that you have to create a NAT when traversing security levels, going from a less trusted interface (DMZ) to a more trusted one (internal.)  Since this link will carry domain traffic, we do not want to create a real translation.  Thus, I created a stand-in NAT that points to its own IP as follows:
static (dmz,inside) dmz.rodc.domain.local dmz.rodc.domain.local netmask
Long story short, the connection fails.  I'm able to access other hosts in the DMZ and on another interface configured with the same security level (which I've explicitly allowed), but trying to go from the less-trusted DMZ to the more-trusted internal fails.

View 12 Replies View Related

Cisco Firewall :: ASA 8.2.5 - DMZ To Inside Access?

Oct 18, 2012

A Cisco ASA running 8.2.5 with 3 interfaces: Outside (Sec lvl 0)/-nternet IP / DMZ (Sec lvl 2)- / Inside (Sec level 100)-
An ACL on the DMZ which looks like this:
access list DMZ_IN permit ip any
access list DMZ_IN deny ip any any
access-group DMZ_IN in interface DMZ 
global (outside) 1 interface
nat (DMZ) 1
Nat Control  is not enabled (by default) There is no nat exemption, static identity nat or any nat of any kind set up between the Inside and DMZ.The question is:  Will the DMZ network be able to initiate connections to the Inside network or will only outside (internet) access be permitted?
A) No, inside access will not be permitted, only Interenet access will be permitted, because there is no NAT exemption or Static Identity NAT between the lower level security interface (DMZ) and the Higher level security interface (Inside), regardless of the DMZ ACL rule with a destination of ANY.
B) Yes, access to the Internet and the Inside can be initiated because NAT control is disabled and there is an ACL that permits DMZ traffic to 'ANY' destination.

View 4 Replies View Related

Cisco VPN :: PIX-525 - VPN Works On Inside Interface But Not Outside

Sep 25, 2011

I have a PIX-525 with an UR license.  I was trying to get my VPN to work from my iphone over the weekend but to no avail.  I then changed the interface to the inside to see if my iMac could connect and bingo!  It worked.  I then tried to connect via inside interface with my iphone and it worked.
I connected a PIX-515e and, using the same settings, can connect to the outside interface via my iPhone.

Now, to answer the pressing questions, yes I changed the server IP address in my IPSEC client settings to reflect the outside and inside interfaces as I was testing each one.  I was using a preshared secret.  Yes, the secret was entered correctly and they all matched...yes, the tunnel name was entered correctly.  I was using local user database for authentication with username/password (i.e. no certificate authorization to make things simpler for debugging).  I changed the syslog to debugging and I see absolutely no errors when trying to connect my iphone to the outside interface (i.e. turning wifi off so I'm on my 3G data network).  The only thing I see is where my iphone hits the outside interface and it does a teardown (or whatever its called) but that's it.
Why would this work like a charm with my PIX-515e and not my PIX-525?  Could the VPN accelerator card in the 525 be at fault?  The 515e does not have the aecellerator card.  why I can esablish a VPN connection on the inside interface but not the outside?

View 6 Replies View Related

Cisco Firewall :: ASA 9.1 Inside To DMZ Access

Feb 26, 2013

I recently upgraded my asa from 8.2 to 9.1 (reconfigured from scratch - didnot convert old config) and everything seems to be working fine except for communication between my INTERNAL network and my DMZ. Here's my config below -
ASA Version 9.1(1)
hostname ZEPPELIN
enable password XXXXX

View 15 Replies View Related

Cisco :: ASA 5505 SSL VPN Can't Reach Inside From VPN Subnet

Jul 7, 2012

I've setup a SSL VPN to a ASA 5505 and can connect.

VPN network /24
Inside Network /24
Outside is connected to Router.

I am trying to RDP to a win server on the inside network but I cant get to it. Can not even ping or (not sure if I could anyways)

I added a ACL on the outside interface and then inside interface permit ip any any but still no ping or RDP...

New at VPN and have survived so far on cisco docs but this problem is evading me.

: Saved
ASA Version 8.2(5)
hostname ciscoasa


View 1 Replies View Related

Cisco :: NAT For Ospf Networks Or Any Inside Network

Jul 1, 2012

I have a simple isp topology built in GNS3, for testing (pppoe) dialers:cisco router(R1) connected to my pc network card, doing NAT translations for all the devices in the topology.I know how to configure NAT for spesific ip range, but i can't find out how to configure NAT for networks which are learned through ospf (or any other dynamic way).

View 2 Replies View Related

Cisco :: New ASA5505 Can't Change Inside Interface From 192.168?

Jul 8, 2011

I currently have an out of the box ASA5505 and need to change the internal interfact from to so it fits in with the rest of the network.Tried using the ASDM Startup wizard (via and it just seems to hang on "delivering the commands to the device".

View 16 Replies View Related

Cisco :: ASA 5505 DMZ Do Not Talk To Inside Network

Jul 29, 2011

I have a 5505 with the security plus license. I have a web server in the DMZ that needs to talk with a server on the inside network but it doesn't seem to be able to. Im guessing there is something I need to do to enable the DMZ to talk to the inside network.

Here is the config.


View 1 Replies View Related

Cisco :: Multiple VLANs Inside The Same Subnet?

Apr 4, 2013

The network topology is like this. Router with DHCP_Server on it.


My question is how to configure the router so that all devices on all 3 VLANS can obtain IP from the router. I've tried to enable proxy arp on all interfaces and create sub interfaces and trunk them to their appropriate vlans, but I can't specify the gateway on all trunked sub interfaces because I get a warning that addresses overlap. Then I tried to set access-group on all sub-interfaces and still doesn't work.

View 5 Replies View Related

Cisco :: Unable To Access Inside Network

Jun 25, 2012

I have setup a few Vpn clients but no ones able to access the inside network.The clients all get a Ip address from the pool and DNS servers Ip's. But cannot ping or connect to there pc's. I'm thining its somewhere in the ACL.

View 2 Replies View Related

Copyrights 2005-15, All rights reserved