NAT PAT routing problem

Answered Question
Jul 6th, 2010

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Tabla normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin-top:0cm; mso-para-margin-right:0cm; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0cm; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin;}

I have two dns servers, DNS1 goes out through ADSL router R1 (this is the firewall’s default route). DNS2 goes out through R2 ADSL Router (R1 send all the traffic from DNS2 to R2). R2 has only one public IP address so I’m doing NAT overload for browsing and PAT for udp 53 (dns). The firewall and R1 are using public IP addresses of R1, so no need to nat in R1.

If I’m outside of my bussiness and query my dns servers (nslookup), I have no problem with DNS1, but queries to DNS2 do  not work

Any help?

Important R2 configuration

interface Vlan1

ip address xxxx

no ip redirects

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

interface Dialer1

mtu 1492

ip address negotiated

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

no cdp enable

ppp authentication chap pap callin

ip forward-protocol nd

ip route Dialer1

ip nat inside source list 1 interface Dialer1 overload

ip nat inside source static udp yyyy 53 interface Dialer1 53

Correct Answer by vdineshkumar83 about 6 years 7 months ago


  Good to hear that's working.


V Dinesh Kumar

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.3 (3 ratings)
vdineshkumar83 Tue, 07/06/2010 - 02:42


       Check the translation table whether your particular DNS ip gets translated.


V Dinesh Kumar

vdineshkumar83 Tue, 07/06/2010 - 04:21


  Whats defined in source-list 1? Is it matching all the traffic? If so can you deny the particular DNS ip and check


V Dinesh Kumar

jmprats Tue, 07/06/2010 - 04:56

Sorry, It's working. Please reply me and I'll rate you correctly

Thank you very much


This Discussion

Related Content