DNS NAT Blocked replies

Hi all,

I know this should be pretty simple but I can't get my head around this.

I have DNS servers on the inside (192.168.1.0) and most of the hosts' IP addresses are on that same subnet.

The issue is that one of the hosts has an IP address that is outside the subnet, out on the Internet.

I can see with tcpdump that the DNS queries are getting sent back to the Internet-based query source, but the response is not getting out of our Cisco router.

I found an old posting at the bottom of this thread: http://forums.anandtech.com/showthread.php?t=850674 and it seems to pretty much state what I think the issue is.

On the router, I have many static NAT entries, a few dynamic NAT/PAT entries and a few ACLs.

The IP NAT line is essentially:

ip nat inside source static 192.168.1.5 a.b.c.d

What I have done so far is this:

1) Change the DNS server to have a 'host1' A record with IP 192.168.1.5 and restart named.

2) Run 'nslookup host1.domain.com' from an Internet-based Linux box - result is the correct IP 'a.b.c.d'.

3) Change the DNS server to have a 'host1' A record with IP <Internet-based address - 1.2.3.4 or whatever> and restart named.

4) Run 'nslookup host1.domain.com' from an Internet-based Linux box - result is a timeout.

5) Change the DNS server to have a 'host1' A record with IP <192.168.1.x subnet but NOT .5> and restart named.

6) Run 'nslookup host1.domain.com' from an Internet-based Linux box - result is a timeout.

This seems weird to me.

The router is a Cisco 1921.

IOS Universal K9 M 15.3(2) T

Anyone have ANY ideas?

Jerry
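Added example (not from the post and not Cisco's code): a small Python simulation of what step 2 shows the router doing to the DNS payload, rewriting an A record of 192.168.1.5 to its static outside address, and of a check for answer records that carry an inside address with no binding, as in steps 5 and 6. The NAT table, the DNS messages, and the documentation address 203.0.113.10 standing in for a.b.c.d are all constructed here; it models the observed rewrite, not the IOS NAT ALG itself.

```python
import struct
import ipaddress
# Constructed static NAT table mirroring the post's one-liner "ip nat inside source static
# 192.168.1.5 a.b.c.d"; the documentation address 203.0.113.10 stands in for a.b.c.d.
STATIC_NAT = {"192.168.1.5": "203.0.113.10"}

def build_a_response(name, ip, txid=0x1234, ttl=300):
    """Construct a minimal DNS response with one A record (constructed test input)."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR/RD/RA; 1 question, 1 answer
    question = qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    answer = qname + struct.pack("!HHIH", 1, 1, ttl, 4) + ipaddress.IPv4Address(ip).packed
    return header + question + answer

def skip_name(msg, off):
    """Return the offset just past a wire-format name (a compression pointer is 2 bytes)."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:
            return off + 2
        off += length + 1

def a_records(msg):
    """Yield (rdata_offset, dotted_ip) for each A record in the answer section."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            yield off, str(ipaddress.IPv4Address(msg[off:off + 4]))
        off += rdlen

def nat_rewrite(msg, table):
    """Translate A records that have a static binding; report private ones that have none."""
    out, untranslated = bytearray(msg), []
    for off, ip in a_records(msg):
        if ip in table:
            out[off:off + 4] = ipaddress.IPv4Address(table[ip]).packed
        elif ipaddress.IPv4Address(ip).is_private:
            untranslated.append(ip)  # an RFC 1918 address would otherwise reach the Internet client
    return bytes(out), untranslated
for rec in ("192.168.1.5", "1.2.3.4", "192.168.1.7"):  # the post's steps 2, 4 and 6
    out, missing = nat_rewrite(build_a_response("host1.domain.com", rec), STATIC_NAT)
    print(rec, "->", [ip for _, ip in a_records(out)], "untranslated:", missing)
```

Only the first case has a binding and is rewritten; the public address passes through untouched, and the unbound inside address is reported so it can be compared against the router's static entries.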
