Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Basic IOS NAT question.

I need to perform a NAT function on only DNS queries destined for external DNS servers that I receive on a single physical interface - all other traffic is to remain unchanged.

These DNS queries need to be redirected to DNS servers internal to my enterprise rather than DNS servers that my wireless service provider is "telling" the client machines to use.

I "Think" all I have to add to the config is the following:

ip nat inside source x.x.2.77 y.y.2.135

ip nat inside source x.x.5.3 y.y.130.135

int fa6/7

desription Interface receiving DNS queries from clients configed with external DNS server entries.

ip nat outside

int vlan 2

desription Interface 1 connected to subnet with enterprise DNS server.

ip nat inside

int vlan 5

description Interface 2 connected to subnet with enterprise DNS server

ip nat inside

I only want NAT performed on DNS queries RX'd on int fa 6/7 destined for either y.y.2.135 or y.y.130.135. All DNS queries destined for x.x.2.77 and x.x.5.3 need to remain untouched.

Will this work ?

Is it the best way or is there an alternative ?


Re: Basic IOS NAT question.

This document explains the use of the alias command on the Cisco Secure PIX Firewall.

The DNS server is on the outside. Verify that the DNS server resolves your domain name to the global IP address of the web server by issuing an nslookup command. The result of the nslookup on the client PC is the internal IP address of the server ( This is because the DNS reply gets doctored as it passes through the PIX.

CreatePlease login to create content