Cisco Support Community
New Member

NAT Inconsistencies

Hi,

I am running a 2821 Router running 12.4(23) and I am having some odd experiences with NAT.

Basically I want the clients on one subnet to be NATted for everything except DNS traffic.

The NATting works correctly if I'm just testing basic NAT. However, when I add an access list it is inconsistent. I added an access list which basically has deny statements matching any UDP/TCP traffic on port 53 and a permit statement for all IP.

When I clear the NAT translations and do an nslookup on a client on the subnet, the first few queries are not NATted. However, they then randomly start to be NATted, and the translations show UDP translations on port 53.

Anyone have any ideas?

regards

Miron

3 REPLIES
Hall of Fame Super Silver

Re: NAT Inconsistencies

Hello Miron,

Clients' DNS queries are done on UDP port 53 only.

TCP port 53 is used for zone transfers between DNS servers.

Are you using an internal DNS server, or do your clients point directly to an ISP DNS?

Hope to help

Giuseppe

New Member

Re: NAT Inconsistencies

Hey Giuseppe,

We are using an internal DNS server. However, the issue is not with DNS; it is with the NATting not being consistent.

Regards

Miron

Cisco Employee

Re: NAT Inconsistencies

Can you share the ACLs you used and the relevant NAT configs on the interfaces?
