Basic IOS NAT question.

Unanswered Question
Mar 28th, 2007

I need to perform a NAT function on only DNS queries destined for external DNS servers that I receive on a single physical interface - all other traffic is to remain unchanged.

These DNS queries need to be redirected to DNS servers internal to my enterprise rather than DNS servers that my wireless service provider is "telling" the client machines to use.

I "Think" all I have to add to the config is the following:

ip nat inside source static x.x.2.77 y.y.2.135
ip nat inside source static x.x.5.3 y.y.130.135

int fa6/7
 description Interface receiving DNS queries from clients configured with external DNS server entries.
 ip nat outside

int vlan 2
 description Interface 1 connected to subnet with enterprise DNS server.
 ip nat inside

int vlan 5
 description Interface 2 connected to subnet with enterprise DNS server.
 ip nat inside

I only want NAT performed on DNS queries RX'd on int fa 6/7 destined for either y.y.2.135 or y.y.130.135. All DNS queries destined for x.x.2.77 and x.x.5.3 need to remain untouched.

Will this work ?

Is it the best way or is there an alternative ?

thomas.chen Tue, 04/03/2007 - 09:06

This document explains the use of the alias command on the Cisco Secure PIX Firewall.

The DNS server is on the outside. Verify that the DNS server resolves your domain name to the global IP address of the web server by issuing an nslookup command. The result of the nslookup on the client PC is the internal IP address of the server (10.10.10.10). This is because the DNS reply gets doctored as it passes through the PIX.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aee.shtml
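The "doctoring" the reply describes, as an added example (not Cisco's code): a DNS response from the outside server is parsed and any A record carrying the server's global address is rewritten to its inside address before it reaches the client. The global address, the query name and the second answer record are constructed; the 10.10.10.10 inside address comes from the reply above.

```python
"""DNS reply doctoring: rewrite A records that hold the server's global (outside)
address so an inside client receives the inside address instead.  Added example;
the addresses below other than 10.10.10.10 are constructed."""
import ipaddress
import struct

GLOBAL_IP = "203.0.113.10"  # constructed: web server's address as seen from outside
LOCAL_IP = "10.10.10.10"    # inside address of the server, from the reply above


def _skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past a DNS name, honouring compression pointers."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # two-byte pointer terminates the name
            return off + 2
        off += 1 + length


def _answer_records(msg: bytes):
    """Yield (rtype, rdata_offset, rdlength) for every RR in the answer section."""
    qdcount, ancount = struct.unpack_from("!HH", msg, 4)
    off = 12
    for _ in range(qdcount):  # skip QNAME + QTYPE + QCLASS
        off = _skip_name(msg, off) + 4
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10  # TYPE + CLASS + TTL + RDLENGTH
        yield rtype, off, rdlen
        off += rdlen


def answer_ips(msg: bytes) -> list:
    """A-record addresses in the answer section, in wire order."""
    return [str(ipaddress.IPv4Address(msg[o:o + 4]))
            for t, o, n in _answer_records(msg) if t == 1 and n == 4]


def doctor_dns_response(msg: bytes, global_ip: str, local_ip: str) -> bytes:
    """Rewrite each A record equal to global_ip to local_ip; packet length is unchanged."""
    want, repl = ipaddress.IPv4Address(global_ip).packed, ipaddress.IPv4Address(local_ip).packed
    out = bytearray(msg)
    for rtype, off, rdlen in _answer_records(msg):
        if rtype == 1 and rdlen == 4 and msg[off:off + 4] == want:
            out[off:off + 4] = repl
    return bytes(out)


def build_sample_response() -> bytes:
    """Constructed reply: www.example.com -> GLOBAL_IP plus an unrelated second A record."""
    qname = b"".join(bytes([len(p)]) + p for p in b"www.example.com".split(b".")) + b"\x00"
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)  # QR=1, QD=1, AN=2

    def rr(ip):  # owner name is a pointer (0xC00C) back to the question's QNAME
        return b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + ipaddress.IPv4Address(ip).packed

    return header + qname + struct.pack("!HH", 1, 1) + rr(GLOBAL_IP) + rr("198.51.100.5")
```

Only the 4-byte rdata of matching A records changes, so the UDP length and name compression pointers stay valid; records that do not carry the global address pass through untouched.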
