Cisco Support Community

New Member

NAT re-writing DNS records

Hello,

I have a DNS within a DMZ behind a Cisco 2811 router, all behind another firewall. The router is running ipbasek9 12.4(24)T4 and performing a source static network NAT for the network behind it.

The problem I'm having is that the router is also translating the network prefix within the DNS queries issued against the DNS server. I've run a series of Wireshark traces on both sides of the router that confirm this.

Is there a method to limit the NAT on the router to only translate the IP packet headers and not the data?

Here is an example config of my NAT:

ip nat inside source static network 192.168.224.0 192.168.238.0 /24 no-payload

5 REPLIES

NAT re-writing DNS records

Hi Dave,

The NAT is translating the network addresses in the header and not the data, hence the name. Maybe I have misunderstood your question.

Best regards,

Alex

New Member

Re: NAT re-writing DNS records

It is re-writing the actual DNS queries returned by the server, acting on both the header and the data payload. But the no-payload option doesn't seem to help.

interface FastEthernet0/0
 description Interconnect to FW
 ip address 192.168.253.46 255.255.255.252
 ip nat outside
 ip virtual-reassembly
!
interface FastEthernet0/1
 description DMZ subnet
 ip address 192.168.224.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
ip nat inside source static network 192.168.224.0 192.168.238.0 /24 no-payload

New Member

NAT re-writing DNS records

OK - perhaps I just didn't clear out the existing translations. Bad me!

NAT re-writing DNS records

Is it working OK now?

Best regards,

Alex

New Member

Re: NAT re-writing DNS records

Yes, it is working nicely. Thank you.
