WB v4 Sec 5 - DNS doctoring Static -- R3 cannot ping CA-server mapped IP

Hi ,

After doing the configuration as mentioned in the workbook, R3 cannot ping CA-server mapped IP ( 150.51.0.100). 

Below are the logs from R3, ASA2..

Please advice..

ASA2 config:

object network CA-Server

 host 10.0.1.100

object network CA-Trans

 host 150.51.0.100

access-list WWW extended permit tcp any host 10.0.1.100 eq www

pager lines 24

mtu Outside 1500

mtu Inside 1500

icmp unreachable rate-limit 1 burst-size 1

no asdm history enable

arp timeout 14400

!

object network CA-Server

 nat (Inside,Outside) static 150.51.0.100 dns

access-group WWW in interface Outside

!

Captures from ASA2 Inside interface:

ASA2(config)# sh capture IN

798 packets captured

   1: 22:24:33.173712 802.3 encap packet

   2: 22:24:34.032682 10.0.1.3 > 150.51.0.100: icmp: echo request

   3: 22:24:34.190313 10.0.1.12 > 224.0.0.5:  ip-proto-89, length 52

   4: 22:24:34.874527 10.0.1.3 > 224.0.0.5:  ip-proto-89, length 64

   5: 22:24:35.204731 802.3 encap packet

   6: 22:24:35.972438 10.0.1.3 > 150.51.0.100: icmp: echo request

   7: 22:24:37.106241 802.3 encap packet

   8: 22:24:37.908125 10.0.1.3 > 150.51.0.100: icmp: echo request

   9: 22:24:39.098032 802.3 encap packet

  10: 22:24:39.979411 10.0.1.3 > 150.51.0.100: icmp: echo request

  11: 22:24:41.161826 802.3 encap packet

  12: 22:24:41.984415 10.0.1.3 > 150.51.0.100: icmp: echo request

  13: 22:24:42.437340 10.0.1.100 > 224.0.0.5:  ip-proto-89, length 64

  14: 22:24:43.162589 802.3 encap packet

  15: 22:24:44.017470 10.0.1.3 > 150.51.0.100: icmp: echo request

  16: 22:24:44.190221 10.0.1.12 > 224.0.0.5:  ip-proto-89, length 52

  17: 22:24:44.935345 10.0.1.3 > 224.0.0.5:  ip-proto-89, length 64

  18: 22:24:45.188390 802.3 encap packet

  19: 22:24:47.217243 802.3 encap packet

  20: 22:24:49.146904 802.3 encap packet

  21: 22:24:51.237994 802.3 encap packet

  22: 22:24:52.453025 10.0.1.100 > 224.0.0.5:  ip-proto-89, length 64

  23: 22:24:53.239169 802.3 encap packet

  24: 22:24:53.884628 10.0.1.3.51838 > 150.51.0.2.53:  udp 21

  25: 22:24:53.898375 150.51.0.2.53 > 10.0.1.3.51838:  udp 37

  26: 22:24:53.924360 10.0.1.3 > 150.51.0.100: icmp: echo request

  27: 22:24:54.190313 10.0.1.12 > 224.0.0.5:  ip-proto-89, length 52

  28: 22:24:55.010985 10.0.1.3 > 224.0.0.5:  ip-proto-89, length 64

  29: 22:24:55.341245 802.3 encap packet

 From R3

R3#sh run | i ip

no ip icmp rate-limit unreachable

ip tcp synwait-time 5

ip cef

ip name-server 150.51.0.2

 ip address 10.0.1.3 255.255.255.0

R3#ping WWW

Translating "WWW"...domain server (150.51.0.2) [OK]

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 150.51.0.100, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

R3#