Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

DNS issue out a NAT

I have a Cisco 877 that has a ADSL interface and two internal VLANS assigned to different switch ports. Running ADV IP Services.

The problem I have is that I cannot get the host in the VLAN3 (192.168.100.75) to access DNS servers on the Internet. There are no denies from the access lists and it can seem to access everything else on the internet and even DNS on the other VLAN. Hosts on the other VLAN have no problem accessing DNS servers on the Internet.

Attached is the sanitised config. If anyone has any ideas that would be great. I have opened up the access-lists to access an internal DNS for the mean time.

4 REPLIES
Cisco Employee

Re: DNS issue out a NAT

Hi Scott,

I have went briefly over your configuration - it does not seem to have any obvious errors. Are you suggesting that the host 192.168.100.75 cannot talk to outside DNS servers? What exactly does it mean? Is it able to at least ping them? Is it possible to see in Wireshark if the DNS queries are indeed sent out? Are also any DNS responses arriving back?

Let's try to have a close look on what exactly happens to the DNS queries sent by that host. I also suggest creating an ACL 1 in the form

access-list 1 permit 192.168.100.75

and then running the

debug ip nat 1 detailed

to see what exactly is going on at the router.

Best regards,

Peter

Community Member

Re: DNS issue out a NAT

Hi Peter,

Thanks for the reply. Yes that is right the host 192.168.100.75 cannot get a response from any DNS servers. They don't respond to ping, as far as I know, so we can't test that. I do see a translation in place for the servers though.

The router is in another country, so it is hard to get a wireshark capture, but your other ideas may help.

Thanks

Re: DNS issue out a NAT

Are you using the same DNS for both vlans? From your acl WAN_IN it appears that only one dns is allowed from the outside:

ip access-list extended WAN_IN

permit udp host 139.130.4.5 eq domain any

regards,

Leo

Community Member

Re: DNS issue out a NAT

Hi Leo,

Thanks for the reply. I have tried the same DNS server from both hosts, actually not 139.130.4.5. I am not sure why that is there. I think the statefull firewall will allow the return traffic.

Regards,

Scotty

128
Views
0
Helpful
4
Replies
CreatePlease to create content