NAT Inconsistencies

Unanswered Question
Dec 19th, 2008
User Badges:


I am running a 2821 Router running 12.4(23) and I am having some odd experiences with nat.

Basically i want the clients on one subnet to be natted for everything except DNS traffic.

The natting works correctly if im just testing basic nat. however when I add an access list it is inconsistent. I added an access list which has basically a deny statements matching any udp/tcp traffic on port 53 and a permit statement for all IP.

When i clear the nat translations and do an NSLookup on a client on the subnet the first few queries are not natted.However they then randomly start to be natted, and the translations shows udp translations on port 53

Anyone have any ideas.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Giuseppe Larosa Sun, 12/21/2008 - 04:32
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Miron,

clients DNS queries are done on UDP port 53 only.

TCP port 53 is used for zone transfers between DNS servers.

Are you using an internal DNS server or your clients point directly to an ISP DNS ?

Hope to help


mironduplessis Mon, 12/22/2008 - 00:02
User Badges:

Hey Giuseppe,

We are using an internal DNS Server. However the issue is not with DNS it is with the nating not being consistent.



archari Mon, 12/22/2008 - 11:30
User Badges:
  • Cisco Employee,

can u share the ACL's u used and the relevant nat configs on the interfaces?


This Discussion