Domain Name System
LegalSanta, 2020-03-09 22:06:50

Problems accessing resources via VPN; port forwarding is configured and works correctly without VPN. Who is to blame, VPN or Port Forwarding?

Hello!

So, I have an old Cisco ASA5510 firewall (mentioned specifically for the specialists, so that it is immediately clear which functionality is available to configure). Port forwarding to local resources and VPN (Cisco AnyConnect client) are configured on it.

The problem is how to force name resolution (DNS), or the forwarding of a request (IP:PORT), to the requested resources when a VPN is used (by the way, not necessarily the Cisco AnyConnect client). The main thing is that when no VPN is used, all port forwarding rules work perfectly (that is, you can reach the local service through the external IP (domain)) and the connection is established. BUT when any VPN is used, the following happens: the system resolves the host name via DNS (and does it very well; in fact it is always the IP of the local web server, which is logical, because this domain name has a public website) and connects exactly where it needs to.

Example:

Request from WAN:
http://domainname.zone:port - the service listening on the given port opens and the connection is established. At the same time, the system understands which internal IP it should be routed to (port forwarding is configured for exactly that).

Request from WAN with VPN:
http://domainname.zone:port - the connection could not be established. Further analysis shows that the notorious port forwarding for some reason does not work (i.e. the connection tries to associate domainname.zone with the web server, and not with the desired IP inside the local network).

Help me figure it out, please. Where to dig? Towards the Port Forwarding or DNS settings?


1 answer(s)
ky0, 2020-03-09

Give clients connected via VPN a DNS server that returns the local address - then forwarding is not needed (well, only from outside). It is called split-DNS.
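As an added example that is not part of ky0's answer, this is how the split-DNS suggestion maps onto Cisco ASA group-policy configuration for an AnyConnect profile. The group-policy name, the ACL name and all addresses are placeholders, and it assumes an internal DNS server that holds records for domainname.zone pointing at the private address of the service.

```cisco
! Added example, not from the original answer. Placeholder names and addresses.
!
! Internal networks that should be reached through the tunnel.
! Traffic to the ASA's public IP stays outside the tunnel, so the
! hairpin through port forwarding is no longer involved.
access-list ACL_SPLIT_TUNNEL standard permit 192.168.1.0 255.255.255.0
!
group-policy GP_ANYCONNECT attributes
 ! Internal resolver handed to VPN clients (placeholder address).
 ! It must answer domainname.zone with the private IP of the service,
 ! not with the public IP of the web server.
 dns-server value 192.168.1.53
 ! Only queries for this domain go to the internal resolver;
 ! everything else keeps using the client's normal DNS.
 split-dns value domainname.zone
 ! Split tunnelling is required on the ASA for split-DNS to take effect.
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value ACL_SPLIT_TUNNEL
!
! Check from a connected client: the name must now resolve to the
! private address, and the port must be reached through the tunnel.
```

Verify from a connected client with `nslookup domainname.zone`: the answer should be the private IP from the ACL range, and a `show vpn-sessiondb anyconnect` on the ASA shows the session using GP_ANYCONNECT.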
