● Configure R1 int e0/0 ip 192.168.1.1/24, configure R2 ip 192.168.2.1/24, configure R3 int e0/0 ip 101.1.1.1/24
● Configure ASA1 int e0 ip address 192.168.1.10/24 with nameif inside and security level 100, int e1 with nameif dmz and security level 50, and int e2 with nameif outside and security level 0
● Configure dynamic PAT on ASA1 to translate any user to the outside interface IP address.
● NAT DMZ IP 192.168.2.1 with 101.1.1.11
● Configure R3 as DNS server with name r2.cisco.com
● On the switch, configure int e1/0, e3/0 in VLAN 2, int e1/1, e3/2 in VLAN 3, and int e0/2, e1/2 in VLAN 4
● Ping r2.cisco.com from R1, and it should be successful
We can configure the ASA to modify the DNS reply packet by replacing the address in the reply with an address that matches the NAT configuration. This DNS modification is configured on each translation rule, and it is called DNS doctoring.
R1
R2
R3
NAT on ASA
Result