I have discovered a feature of NAT which is causing a problem.
The feature was added in 12.2.13(T) for a default inside server so that port translations are not required if connections are to one inside device.
The problem I have discovered is that some apps use DNS to discover the outside address of the NAT device so that they can work properly. What is happening though is the DNS reply is being doctored to the inside address which is causing application problems.
I would like to have this feature enabled but disable the doctoring of DNS records if that's possible.
We have more or less the same implementation and, of course, ran into the same problems. We needed that NAT but we also needed the DNS packets unchanged.
The easiest way is to use the no-payload option of the "ip nat inside source static" command. What it does is disable the translation of the DNS payload which is, if I am not mistaken, what you need. This option was introduced with 12.2(4)T so you might have to change your IOS. We tried to use this, but this IOS version crashed my router. You might be luckier ;)
You can find some info about this at the URL below:
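For reference, here is what the suggestion above looks like in an IOS configuration. This is an added illustration, not configuration posted by either participant; the interface names and the RFC 5737 documentation addresses are constructed placeholders, and only the `no-payload` keyword itself comes from the thread.

```cisco
! Constructed example: addresses are from the RFC 5737 documentation ranges.
interface GigabitEthernet0/0
 description Inside LAN (hypothetical interface)
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/1
 description Outside (hypothetical interface)
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
!
! Problem configuration: besides translating the IP header, NAT also
! rewrites A records in DNS replies that carry 203.0.113.10, so inside
! clients learn 192.168.10.10 instead of the outside address the
! application expects.
ip nat inside source static 192.168.10.10 203.0.113.10
!
! Corrected configuration: the no-payload keyword keeps the static
! address translation but leaves the DNS payload untouched
! (available from 12.2(4)T, as noted in the reply above).
no ip nat inside source static 192.168.10.10 203.0.113.10
ip nat inside source static 192.168.10.10 203.0.113.10 no-payload
```

To confirm the change took effect, check that `show running-config | include ip nat` lists the static entry with `no-payload`, and resolve the server's name from an inside host: the answer should now be the outside address (203.0.113.10 in this example) rather than the inside one, while `show ip nat translations` still shows the static mapping for ordinary traffic.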