Cisco ASA 5525-X Adaptive Security Appliance - No Payload Encryption Technical Manual

Configure DNS Doctoring for Three NAT Interfaces on ASA Release 9.x
Document ID: 72273
Contributed by Shrinkhala Singhania, Vibhor Amrodia, and Dinkar Sharma, Cisco TAC Engineers.
May 27, 2015
Contents
Introduction
Prerequisites
     Requirements
     Components Used
     Related Products
Background Information
Scenario: Three NAT Interfaces - Inside, Outside, DMZ
     Topology
     Problem: Client Cannot Access the WWW Server
     Solution: "dns" Keyword
        DNS Doctoring with the "dns" Keyword
     Version 8.2 and Earlier
     Version 8.3 and Later
     Verify
     Final Configuration with the "dns" Keyword
     Alternative Solution: Destination NAT
     Final Configuration with Destination NAT
Configure
Verify
     Capture DNS Traffic
Troubleshoot
     DNS Rewrite Is Not Performed
     Translation Creation Failed
Related Information
Introduction
This document provides a sample configuration to perform Domain Name System (DNS) doctoring on the
ASA 5500-X Series Adaptive Security Appliance (ASA) that uses Object/Auto Network Address Translation
(NAT) statements. DNS doctoring allows the security appliance to rewrite DNS A-records.
DNS rewrite performs two functions:
• Translates a public address (the routable or mapped address) in a DNS reply to a private address (the
real address) when the DNS client is on a private interface.
• Translates a private address to a public address when the DNS client is on the public interface.