NAT Weirdness

mike-elliott · ‎04-25-2006

I have a 1811 using NAT to get our internal services out to the

internet. I have 2 dns servers on the inside of our network that serve

public queries.

I have a class c (provided by my ISP) for my outside interface. I have

the last 11 addresses setup in a pool to allow my workstations to surf

the net. I have setup static (one to one) mappings for several

services inside (e-mail, www, DNS).

My DNS servers are on different class-c networks inside.

-Secondary DNS xxx.xxx.216.107

/

- classC1 xxx.xxx.216.0

/

Internet --1811

\

- classC2 xxx.xxx.217.0

\

-Primary

DNS xxx.xxx.217.183

On classC1, I have an external address natted to xxx.xxx.216.107

(secondary DNS)

On classC2 I have an external address natted to xxx.xxx.217.183

(primary DNS)

As long as I have the nat statement on classC1 working, DNS works

properly. If I remove the classC1 staic nat, I can no longer reach the

primary DNS server. If I try and create an extended NAT translation,

it fails. I can not reach the primary or secondary server.

If I run debugs on the NAT, I can see that incoming DNS queries are

going to xxx.xxx.217.183.

I've attached a copy of my config (less the un-interesting bits).

s.jankowski · ‎05-03-2006

When you have IP connectivity problems in a NAT environment, it is often difficult to determine the cause of the problem. Many times NAT is mistakenly blamed, when in reality there is an underlying problem. This document demonstrates how to verify NAT operation using tools available on Cisco routers. This document also shows you how to perform basic NAT troubleshooting, and how to avoid common mistakes when troubleshooting NAT.

http://www.cisco.com/warp/public/556/13.html