Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
366
Views
0
Helpful
3
Replies

NAT Configuration Scenario

mtevans
Level 1
Level 1

‎03-29-2007 06:39 AM - edited ‎03-03-2019 04:21 PM

I need to perform a NAT function on only DNS queries destined for external DNS servers that I receive on a single physical interface - all other traffic is to remain unchanged.

These DNS queries need to be redirected to DNS servers internal to my enterprise rather than DNS servers that my wireless service provider is "telling" the client machines to use.

I "Think" all I have to add to the config is the following:

ip nat inside source x.x.2.77 y.y.2.135

ip nat inside source x.x.5.3 y.y.130.135

int fa6/7

desription Interface receiving DNS queries from clients configed with external DNS server entries.

ip nat outside

int vlan 2

desription Interface 1 connected to subnet with enterprise DNS server.

ip nat inside

int vlan 5

description Interface 2 connected to subnet with enterprise DNS server

ip nat inside

I only want NAT performed on DNS queries RX'd on int fa 6/7 destined for either y.y.2.135 or y.y.130.135. All DNS queries destined for x.x.2.77 and x.x.5.3 need to remain untouched.

Will this work ?

Is it the best way or is there an alternative ?

Labels:
0 Helpful
3 Replies 3

owaisberg
Level 1
Level 1

‎03-29-2007 06:59 AM

mtevans,

Why you don't want to configure your

clients which are behind interface fa6/7

with DNS address of those enterprise DNS

server. This way you need no redirection

to be performed ?

Thx,

OW

0 Helpful

mtevans
Level 1
Level 1
In response to owaisberg

‎03-29-2007 08:46 AM

The interface is connected to a "Secure Wireless Network" (1xRTT and EVDO) that services a whole bunch of customers (Fire/Police/Ambulance/Governement, etc. The service provider is unable to specify/configure per customer DNS entries on the wireless modems other than their own servers or nothing at all. Hence the need to NAT requests coming in from these devices to our own DNS servers.

We try and stay as far away as possible from statically configuring per client any settings.

0 Helpful

owaisberg
Level 1
Level 1
In response to mtevans

‎03-29-2007 09:03 AM

Got it now. So if DNS request coming from

NAT outside interface, to build translation that you need use following syntax:

ip nat inside source static tcp 53 53

ip nat inside source static udp 53 53

HTH,

OW

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card