Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Outgoing traffic translation

I have an internal network that is nat to an external IP aaa.bbb.ccc.ddd

I also have a 3-bit public subnet that terminates on the external IP.

On my internal network is a DNS server and I have used one of the public subnet IP as my DNS IP and mapped port 53 tcp/udp to the DNS server.

Incoming dns requests work well.

My problem is the secondard DNS is external.

Notify messages from the primary DNS arrive at the secondard DNS from the external NAT IP aaa.bbb.ccc.ddd and not from the public subnet IP address. The secondard DNS rejects the notify messages.

Is there a simple solution to my problem? Can I map outgoing port 53 from the DNS server to the public subnet IP?

I have a 887W

regards, Mark

1 REPLY
Bronze

Outgoing traffic translation

If I am understanding your question correctly, you want to allow your internal DNS server to talk to a secondary, external DNS server  - however when the external DNS server receives packets from the internal DNS server, they have a source IP address of the external NAT address instead of the DNS server's real IP?. Is that correct ?

If your internal DNS server is already assigned a public IP, it does not need to be NAT'd. You could deny the IP of your DNS server from being NAT'd through the ACL of your NAT configuration.

260
Views
0
Helpful
1
Replies