Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
620
Views
0
Helpful
7
Replies

DNS server IP change - Static IPs on Workstations at branches

Go to solution
ROY SPIRK
Level 1
Level 1

‎04-26-2009 01:09 PM - edited ‎03-04-2019 04:31 AM

I am changing an IP scheme for a customer at their main site. Their branches will be changed to DHCP in the future, but right now I need to change the IP on the DNS server because the IP scheme at the main site has changed.

How can I use the Cisco routers at the branches to redirect DNS requests to the new IP until I get them changed to DHCP? I looked at NAT options and see that I might have issues with the routing and NAT order. Is NAT the way to go with this and if so, do I need to worry about routing and the old subnet being removed at the main site?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎04-27-2009 06:18 AM

Roy

You can use NAT for this altho you would need to test as NAT can sometimes "break" certain things.

So lets say you have this setup

HQ DNS server (10.6.1.2) -> HQ R1 (192.168.5.1) -> (192.168.5.2 - int s0/0) BRANCH R2 (int fa0/0 -10.5.1.1) -> client PC

where the link between HQ R1 and BRANCH R2 is the WAN link.

You want to present the DNS server to the client as 10.7.1.2 even though it's real address is 10.6.1.2.

BRANCH R2

int fa0/0

ip nat inside

int s0/0

ip nat outside

ip nat outside source static 10.6.1.2 10.7.1.2

ip route 10.7.1.2 255.255.255.255 192.168.5.1

You need the route because the router performs routing before NAT on the inside to outside interfaces so you have to make sure any requests for 10.7.1.2 are routed to the interface that has "ip nat outside" configured on it.

Jon

View solution in original post

0 Helpful
7 Replies 7

Go to solution
srinivas_816
Level 1
Level 1

‎04-27-2009 04:23 AM

Hi,

Is their any possible for you to Configure the secondary ip address as the old Network Subnet and do all the changes of migration on the remote site to the new range and later remove the OLd Network ip address block.

Regards

Srini

0 Helpful

Go to solution
ROY SPIRK
Level 1
Level 1
In response to srinivas_816

‎04-27-2009 08:30 AM

Srini,

This was one possibility that we considered. Due to a few issues we ran into (including the truncated time period that we have to make the changes and the extremely large number of services out of our controll) It was better to force everything to break during our maintenace period and fix it then than introduce the possibility of a break after the period.

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎04-27-2009 06:18 AM

Roy

You can use NAT for this altho you would need to test as NAT can sometimes "break" certain things.

So lets say you have this setup

HQ DNS server (10.6.1.2) -> HQ R1 (192.168.5.1) -> (192.168.5.2 - int s0/0) BRANCH R2 (int fa0/0 -10.5.1.1) -> client PC

where the link between HQ R1 and BRANCH R2 is the WAN link.

You want to present the DNS server to the client as 10.7.1.2 even though it's real address is 10.6.1.2.

BRANCH R2

int fa0/0

ip nat inside

int s0/0

ip nat outside

ip nat outside source static 10.6.1.2 10.7.1.2

ip route 10.7.1.2 255.255.255.255 192.168.5.1

You need the route because the router performs routing before NAT on the inside to outside interfaces so you have to make sure any requests for 10.7.1.2 are routed to the interface that has "ip nat outside" configured on it.

Jon

0 Helpful

Go to solution
ROY SPIRK
Level 1
Level 1
In response to Jon Marshall

‎04-27-2009 08:21 AM

Jon,

Thank you for your response. I did try your suggested configuration last night. I found that the routing took place but NAT did not. The customer has esculated the DHCP change at the branches so this is not as critical as it once was.

Is their something that would cause the NAT not to take place. I am sorry, I did not capture debugs last night so I will be unable to share those. As far as I could tell NAT had the translation in "show ip nat trans" but as traffic was routed to that IP the traffic was not NATed.

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to ROY SPIRK

‎04-27-2009 09:46 AM

Roy

I labbed it up with dynamips and it all worked fine for me. Couple of things to check

1) with this setup you an still actually ping the real IP address as well ie. you can ping 10.7.1.2 but you can also ping 10.6.1.2. Just thought i'd mention it.

2) Did you have "ip nat inside" and "ip nat outside" on the right interfaces.

Jon

0 Helpful

Go to solution
ROY SPIRK
Level 1
Level 1
In response to Jon Marshall

‎04-27-2009 09:53 AM

Jon,

Thanks for labbing this up for me. I did have the correct interfaces with inside and outside but after you asked I double checked to make sure. One thing to mention, there are secondary addresses on both sites connecting to the LAN. The addresses involved both used the primary address so the secondary address on each interface should not matter. However, are you aware if secondary address might have caused some unexpected issues?

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to ROY SPIRK

‎04-27-2009 10:08 AM

Roy

"However, are you aware if secondary address might have caused some unexpected issues?"

Not aware of any issues especially as you are using the primary addresses. I have saved the lab so if you want to give me a topology layout together with the addressing used i can have a look.

Jon

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card