ACLs are required for inbound connections, which punch holes in the firewall.
In your case the DNS server is on the outside, right? An ACL is not required.

With regards
Kings

On Thu, Mar 10, 2011 at 10:56 AM, kamran shakil <[email protected]> wrote:

> Simple yet important question.
>
> Well, for configuring DNS doctoring we have two ways: alias, or static NAT with
> the keyword dns on it.
>
> My question is: if we use static NAT with the dns keyword on the ASA, and we know
> that DNS inspection is on by default (correct me if I am wrong), do I need
> an outside-to-inside (inbound) ACL for DNS TCP/UDP 53 to be opened,
> or is the static NAT command with the dns keyword enough?
>
> *meaning:*
> static (in,out) 1.1.1.1 2.2.2.2 dns is enough or
>
> also need to put up
> access-list out permit tcp any host 1.1.1.1 eq 53
> access-list out permit udp any host 1.1.1.1 eq 53
>
> Please do clarify, cannot test this on ASA, I believe!
>
> I am sure this question might help many people in solving such practical
> life scenarios!
>
> regards,
> Kamran.
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
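The case discussed in this thread, as an added configuration sketch that is not part of the original messages. It assumes pre-8.3 ASA syntax and a DNS server on the outside; the interface names `in`/`out` and both addresses come from the question, while the web service on TCP 80 and the ACL entry for it are assumptions made for illustration.

```cisco
! Pre-8.3 ASA syntax, matching the static command in the question.
! Interface names "in"/"out" and both addresses are from the thread;
! the TCP 80 service is an assumed example.

! 1. Static NAT with DNS rewrite. When a DNS reply from the outside
!    server carries the A record 1.1.1.1 (mapped), the ASA rewrites it
!    to 2.2.2.2 (real) before it reaches the inside client.
static (in,out) 1.1.1.1 2.2.2.2 netmask 255.255.255.255 dns

! 2. DNS rewrite relies on DNS inspection, which is part of the default
!    global policy. Listed so it can be checked in the running config,
!    not because it has to be added.
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
service-policy global_policy global

! 3. No permit for port 53 appears below. The inside client opens the
!    DNS query outbound, and the reply comes back on that connection.

! 4. The inbound ACL covers only what outside hosts initiate toward the
!    mapped address, here the assumed web service.
access-list out extended permit tcp any host 1.1.1.1 eq www
access-group out in interface out
```

If the DNS server itself sat on the inside and had to answer queries arriving from the outside, those queries would be inbound connections, and a permit for port 53 to its mapped address would then be required.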
