11-27-2007 07:15 AM - edited 03-09-2019 07:29 PM
So here is the situation
I'm replacing a Netgear ProSafe or something at the head office with a Cisco 1800. I had a few VPN tunnels coming into it connected to other offices/vendors and the tunnels worked fine. In my main office I have a domain controller that is the main DNS server for our internal network. It is also our external-facing DNS server as well (I know, I know), I just inherited it. So everything works fine with the Netgear. When I configure the 1800 and get it working, the tunnels come up and everything is good, except for one thing. I have an office with an XP machine and a small Netgear router with a VPN tunnel to the main office, where the DNS points to 10.51.44.9, which is the IP of the DC. Once the Cisco was put in, it could not query that DNS server at all. I have the NAT statement
ip nat inside source static udp 10.51.44.9 53 interface FastEthernet0/0 53
in the 1800 to allow for outside access to this DNS server. When I take it out, DNS works fine again on the XP machine. The problem is I can't leave it out or everything will stop working.
Any ideas?
11-28-2007 07:15 AM
Anyone Please??
11-28-2007 07:30 AM
Please attach your config.
11-28-2007 07:42 AM
11-28-2007 07:49 AM
Can the remote site access your web server @ 10.51.44.9 when using the VPN?
11-28-2007 08:02 AM
Not unless I take this statement out:
ip nat inside source static tcp 10.51.44.9 80 interface FastEthernet0/0 80
11-28-2007 08:55 AM
The easy way out is to use the "outside" IP address to reach the DNS and other servers from your remote site.
If all your routers were Cisco, you could do a GRE IPsec tunnel and avoid this NAT issue...
Or... to make this work, you would need a static outside address (not the interface).
11-28-2007 08:57 AM
I tried that, but DNS still doesn't work right, i.e. can't join the domain, etc.
12-11-2007 10:06 PM
I have a similar config where we have replaced a SonicWall with a Cisco 877 (just temp, eventually to be upgraded to a 1841). Our VPNs do the same thing. Anything which is port forwarded gets lost in translation (literally). I have attempted: http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094634.shtml However, this did not work for me... Is the only option to get a second public IP to terminate the VPN on?