Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

EzVPN with DNS forwarding

I use my router itself as a DNS forwarder. Unfortunately when a domain query is requested on the LAN side, the packet is sourced with the ouside interface IP address which is ouside the EzVPN tunnel and thus the reply does not find it's way back. Can anybody suggest a way to solve this issue please? Maybe NATing the source packet for UDP and TCP 53 somhow to traverse the EzVPN tunnel? PS. "ip domain lookup source-interface..." is not taking effect in this EzVPN case. Please see my attached router config.

EzVPN Clinet - Network Extension (this router 871.. IOS 12.4.9)

EzVPN Server - VPN3030

2 REPLIES
Bronze

Re: EzVPN with DNS forwarding

Might be you can create an Extended Access List that doesnt allw NATing for DNS query which is TCP/UDP 53 and allowing NATing for the services needed.For more information refer the following URL for creating access list.

http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_command_reference_chapter09186a008017d1d4.html.

New Member

Re: EzVPN with DNS forwarding

Sorry I don't understand what you mean? The issue here is that the domain packet is sourced with the outside address (no NATing happens anyway!). I had actually tried NATing the source address for a UDP/TCP 53 packet to the inside 10.xxx.. address which supposed to solve the issue for the return packet but still can't make it traverse the ezvpn tunnel!!

123
Views
0
Helpful
2
Replies
CreatePlease login to create content