OK, I am sure this is just something I haven't run into before, but I just set up an ASA5520, and overall it's doing well, except this one gotcha. We are using it in routed/NAT mode, but some internal servers need to be on their own external IPs as well; we have multiple DNS, Mail, and so on. I have the external IPs on the firewall, mapped to the specific internal servers, and all is well. Also my TCP mappings all seem to be fine, but when I try and put in a translation for UDP on port

```
ERROR: unable to reserve port 53 for static PAT
```

So needless to say the outside DNS queries to that server are NOT working.

Here is some of my config, hopefully I don't need to post it all as it's quite extensive (with multiple VPNs and so on), so I will try and post what

```
access-list Internet_access_in remark DNS Server on MAIL1
access-list Internet_access_in extended permit object-group TCPUDP any host
global (Internet) 102 MAIL1-Outside netmask 255.0.0.0
nat (LAN) 0 access-list LAN_nat0_outbound
static (LAN,Internet) tcp MAIL1-Outside domain MAIL1-Inside domain netmask
static (LAN,Internet) tcp MAIL1-Outside smtp MAIL1-Inside smtp netmask
```

NOTE: The TCP static translations above work just fine, but if I try and put in a UDP translation as well like this:

```
static (LAN,Internet) udp MAIL1-Outside domain MAIL1-Inside domain netmask
```

The ASA throws a bitch and kicks out "ERROR: unable to reserve port 53 for

Of course without UDP on port 53 working, DNS lookups from that machine to the outside world are dead.
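The posted lines use MAIL1-Outside both as the address of `global` pool 102 and as the mapped address of the static port translations, so dynamic and static PAT share one port space on that address. The following is an added example, not part of the original post and not Cisco tooling: a small Python check that reports such overlaps in `global` and `static` lines. The helper name `find_pat_overlaps` and the sample layout are assumptions.

```python
import re
from collections import defaultdict

# Lines quoted from the post; the udp static is the one the ASA rejected.
# The post gives no netmask values for the static lines, so none appear here.
SAMPLE_CONFIG = """\
global (Internet) 102 MAIL1-Outside netmask 255.0.0.0
nat (LAN) 0 access-list LAN_nat0_outbound
static (LAN,Internet) tcp MAIL1-Outside domain MAIL1-Inside domain netmask
static (LAN,Internet) tcp MAIL1-Outside smtp MAIL1-Inside smtp netmask
static (LAN,Internet) udp MAIL1-Outside domain MAIL1-Inside domain netmask
"""

# global (mapped_if) nat_id address ...
GLOBAL_RE = re.compile(r"^global\s+\((\S+?)\)\s+(\d+)\s+(\S+)", re.I)
# static (real_if,mapped_if) tcp|udp mapped_addr mapped_port real_addr real_port ...
STATIC_PAT_RE = re.compile(
    r"^static\s+\((\S+?),(\S+?)\)\s+(tcp|udp)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)", re.I)


def find_pat_overlaps(config_text):
    """Hypothetical helper: map (mapped_if, address) -> NAT ids and static ports
    for every address used by both a global pool and a static port translation."""
    pools = defaultdict(list)    # (interface, address) -> dynamic NAT ids
    statics = defaultdict(list)  # (interface, address) -> (protocol, mapped port)
    for raw in config_text.splitlines():
        line = raw.strip()
        m = GLOBAL_RE.match(line)
        if m:
            iface, nat_id, addr = m.groups()
            pools[(iface, addr)].append(int(nat_id))
            continue
        m = STATIC_PAT_RE.match(line)
        if m:
            _real_if, mapped_if, proto, mapped_addr, mapped_port = m.groups()[:5]
            statics[(mapped_if, mapped_addr)].append((proto.lower(), mapped_port))
    return {key: {"nat_ids": pools[key], "static_ports": statics[key]}
            for key in statics if key in pools}


if __name__ == "__main__":
    for (iface, addr), use in find_pat_overlaps(SAMPLE_CONFIG).items():
        print(f"{addr} on {iface}: global id(s) {use['nat_ids']} "
              f"and static PAT for {use['static_ports']}")
```

Plain one-to-one `static` lines (no `tcp`/`udp` keyword) are ignored, since they do not reserve individual ports.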