Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
1
DNS / New CWP DNS Server Behind a Cisco ASA Firewall
« on: February 26, 2025, 08:23:47 PM »
I have a question about how CWP works. I am not sure and can't really find any info that explains this.
I know in the CWP setup you are to enter your public IP address. Then you have your private IP down below with the NAT checkbox.
Taking that into consideration, I have this server connected to an interface on a Cisco ASA Firewall. What I need to know is what address is the CWP server sending and receiving? If I do not check the NAT box, I am assuming the server is sending data via the public address. If I do check the box, I am assuming the CWP server is Natting the public address to the private one entered on the setup page. Then, there are the DNS public addresses.
First, lets say I have the checkbox checked for NAT. So, the server is natting the public address > private address. I would need to setup the ASA to also nat the private address back to the public address prior to sending the packet out to the internet. Then, for the return data, just the reverse. A NAT rule in the ASA to convert the public address > private address and send to CWP server.
I hope I am on the right track here?? Then there are the DNS records. Are those also getting natted from the public > private address when leaving the CWP server? If so, I would need a NAT statement in the firewall also for the DNS records being that they use UDP port 53 instead of TCP port 80.
This would be a good start if someone can answer to give me a good explaination how CWP works as shown above.
Thanks so much for any help!
Wes
I know in the CWP setup you are to enter your public IP address. Then you have your private IP down below with the NAT checkbox.
Taking that into consideration, I have this server connected to an interface on a Cisco ASA Firewall. What I need to know is what address is the CWP server sending and receiving? If I do not check the NAT box, I am assuming the server is sending data via the public address. If I do check the box, I am assuming the CWP server is Natting the public address to the private one entered on the setup page. Then, there are the DNS public addresses.
First, lets say I have the checkbox checked for NAT. So, the server is natting the public address > private address. I would need to setup the ASA to also nat the private address back to the public address prior to sending the packet out to the internet. Then, for the return data, just the reverse. A NAT rule in the ASA to convert the public address > private address and send to CWP server.
I hope I am on the right track here?? Then there are the DNS records. Are those also getting natted from the public > private address when leaving the CWP server? If so, I would need a NAT statement in the firewall also for the DNS records being that they use UDP port 53 instead of TCP port 80.
This would be a good start if someone can answer to give me a good explaination how CWP works as shown above.
Thanks so much for any help!
Wes
Pages: [1]
