Cisco Support Community
Community Member

NAT configuration

Hi,

I have an 1841 router at my remote office connected to my core router with E1 lines on interface Serial 0/2/0; my core router is connected to the ISP using GigabitEthernet 0/0. I have configured NAT on my core router: the interface connected to the remote office with "ip nat inside" and the core router interface connected to the ISP with "ip nat outside". Then I defined ip nat inside source list REMOTEOFFICE interface GigabitEthernet0/0 overload. REMOTEOFFICE is the ACL which permits the IPs to be natted. We are using our internal DNS in our headquarters and want the remote office traffic to be resolved through it. When I use the ISP DNS at the remote office it works fine, but when I use the internal DNS address in our remote office it does not work; it pings the DNS but does not work. The problem is that we want to use the internal DNS for internet browsing.

Accepted Solutions
Hall of Fame Super Silver

Re: NAT configuration

Hello Waseem,

Post the configuration of ACL REMOTEOFFICE, because this behaviour can derive from it.

The ACL used with NAT can be an extended ACL, and what is denied in the ACL is not natted.

So I guess you need a deny statement to make the users in the remote office able to contact the internal DNS with no NAT action.

Something like:

access-list 123 deny udp 10.10.10.0 0.0.0.255 host 10.50.30.120 eq domain
access-list 123 deny ip 10.10.10.0 0.0.0.255 10.50.0.0 0.0.255.255
access-list 123 permit ip 10.10.10.0 0.0.0.255 any

Hope to help

Giuseppe
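
The first-match behaviour described in the answer above, as an added example that is not part of the original thread: a small Python evaluator for the three ACL entries, showing which remote-office flows are selected for NAT and why entry order matters. The test flow addresses are constructed, the permit line is assumed to use the `ip` protocol keyword, and port 53 stands for DNS.

```python
import ipaddress

# The three entries of access-list 123 as (action, protocol, source,
# source wildcard, destination, destination wildcard, destination port).
# "any" is 0.0.0.0 with wildcard 255.255.255.255; a port of None means any.
ACL_123 = [
    ("deny",   "udp", "10.10.10.0", "0.0.0.255", "10.50.30.120", "0.0.0.0", 53),
    ("deny",   "ip",  "10.10.10.0", "0.0.0.255", "10.50.0.0", "0.0.255.255", None),
    ("permit", "ip",  "10.10.10.0", "0.0.0.255", "0.0.0.0", "255.255.255.255", None),
]

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard semantics: a 1 bit in the wildcard means "don't care"."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def is_translated(proto, src, dst, dport=None, acl=ACL_123):
    """Return True if the first matching entry is a permit, i.e. the packet
    is selected for NAT. A deny here does not drop the packet: it is routed
    untranslated. No match at all is the implicit deny (also untranslated)."""
    for action, p, s, sw, d, dw, port in acl:
        if p != "ip" and p != proto:
            continue  # entry is for a different protocol
        if port is not None and port != dport:
            continue  # entry is for a different destination port
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action == "permit"
    return False

if __name__ == "__main__":
    # Constructed sample flows from a remote-office host.
    flows = [
        ("udp", "10.10.10.25", "10.50.30.120", 53),   # query to internal DNS
        ("tcp", "10.10.10.25", "10.50.8.14", 445),    # other headquarters host
        ("tcp", "10.10.10.25", "198.51.100.7", 443),  # internet destination
    ]
    for flow in flows:
        print(flow, "NAT" if is_translated(*flow) else "no NAT")
    # With the permit entry first, the DNS query would be translated.
    print("reordered:", is_translated(*flows[0], acl=list(reversed(ACL_123))))
```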

2 REPLIES

Community Member

Re: NAT configuration

Thanks Giuseppe, it resolved my problem.
