“DNS穿透搞不定了，自己搞定了总结

**oracat [Lv9 无所不能]** · 发表于 2013-8-26 12:12:53

asa防火墙是不允许内网访问外网口地址的，所以我内网访问域名的时候，域名被解析成外网口地址，内网就不能通过域名访问网站了，我在static语句后面加上dns了，也不行，这种情况怎么解决？

配置如下：
interface Vlan1
nameif inside
security-level 100
ip address 192.168.0.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
pppoe client vpdn group bohao
ip address pppoe setroute
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
dns domain-lookup inside
dns server-group DefaultDNS
name-server 202.106.0.20
name-server 8.8.8.8
domain-name default.domain.invalid
access-list 101 extended permit ip 192.168.30.0 255.255.255.0 any
access-list 101 extended permit ip 192.168.0.0 255.255.255.0 any
access-list acl-out extended permit icmp any any echo-reply
access-list acl-out extended permit tcp any interface outside eq www
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface www 192.168.30.2 www netmask 255.255.255.255  dns
access-group acl-out in interface outside
route inside 192.168.30.0 255.255.255.0 192.168.0.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat
0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect
0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 0.0.0.0 0.0.0.255 inside
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group bohao request dialout pppoe
vpdn group bohao localname xxxxxxxx
vpdn group bohao ppp authentication pap
vpdn username xxxxxxxxx password *********
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
  message-length maximum 512
policy-map global_policy
class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:d856c6904b319249e0277923e9d93e47
: end

解决方案见这里

处理关于静态转换2接口DNS修补的例子.rar (346.52 KB, 下载次数: 25)

**肖俊 [Lv7 精益求精]** · 发表于 2013-8-29 15:12:39

**十字路口 [Lv8 技术精悍]** · 发表于 2013-10-8 14:21:49

支持一下:lol

**bele [VIP@钻石]** · 发表于 2013-10-8 16:52:30

**fm830612 [Lv8 技术精悍]** · 发表于 2013-10-8 23:51:52

我是来刷分的，嘿嘿

**伊達政宗 [Lv8 技术精悍]** · 发表于 2013-11-6 11:05:42

我是个凑数的。。。

**bgbg [Lv8 技术精悍]** · 发表于 2013-11-6 16:40:39

这是什么东东啊

**wu100 [Lv8 技术精悍]** · 发表于 2013-11-8 10:44:17

没看完~~~~~~ 先顶，好同志

**dzd007 [Lv8 技术精悍]** · 发表于 2013-11-10 21:27:59

过来看看的,感谢攻城狮论坛

**dlong008 [Lv8 技术精悍]** · 发表于 2013-12-7 16:26:00

沙发！沙发!

主题标签Tag

more　+今日重磅推荐Recommend No.1

more　+社区更新Forums

more　+随机图赏Gallery

[排错经验] “DNS穿透搞不定了，自己搞定了总结

相关帖子

客服中心

投诉建议