289 Views, 0 Helpful, 3 Replies

NAT issue on ADSL router

gautamzone (Level 1)

Dear friends,

A small issue on NAT'ing on a simple network:

The scenario is as follows:

1. Two inside networks viz. 172.16.0.0/24 and 192.168.1.0/24.

2. The first inside network 172.16.0.0/24 is behind the ASA firewall.

3. The second inside network 192.168.1.0/24 is behind ADSL Router.

4. The logical flow is <Inside 172.16.0.0 network>--->ASA Inside----->ASA Outside--->192.168.1.0/24 network-->ADSL Router-->outside world

5. There is no NATing on the ASA. All NATing is done only on the ADSL router.

Problem: when I do an nslookup from 192.168.1.0/24 for the hostname of 172.16.0.2, it gives me the Dialer (public) IP address for 172.16.0.2 instead of 172.16.0.2 itself. This name resolution is causing a problem because 192.168.1.0 network users are not able to use the services hosted by 172.16.0.2.

The router is a 2811 and the firewall is an ASA 5520.

The problem described above vanishes when the server 172.16.0.2 is statically NAT'ed to the Dialer interface, since this server is hosting FTP and SMTP services. Once this is done, the DNS lookup for the hostname fetches the expected result 172.16.0.2. Otherwise, the public address is fetched, which is not desirable when the client resides within the network.

Is it possible for DNS lookup requests for the hostname xyz.com to return the internal IP address (something like DNS doctoring) without modifying the hosts file on all 192.168.1.0/24 machines?

Both the 192.168.1.0/24 and 172.16.0.0/24 networks are connected to the inside of the ADSL router.

Looking forward to your kind suggestions on this.

Thanks a lot

Gautam

3 Replies

Hi Gautam,

You don't have any internal DNS servers, do you? When you try to resolve the names from the internal network, the internal DNS server should reply with the internal IP address of the servers. If you don't have one, check this link out!

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml

HTH

Thot

Dear Thot,

The NAT device is an IOS router. Is there any DNS doctoring that an IOS router can do?

Yes, you can try the internal DNS server.

"ip dns server". If you have "ip host" entries configured, the IP for them should be returned; for all others, a query is generated and the reply forwarded.
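As an added example (not posted in this thread and not taken from Cisco's documentation), this is the IOS split-DNS configuration the reply above describes: the router answers queries for names in its static host table with the inside address and forwards every other name to an upstream resolver. The server address 172.16.0.2 and the hostname xyz.com come from the question; the upstream resolver 203.0.113.53 (a documentation address) is an assumption.

```cisco
! Added example, not from the thread: IOS router acting as DNS server for the inside networks.
! Assumed: upstream resolver 203.0.113.53; xyz.com is the name clients use for 172.16.0.2.
!
! Allow the router to perform name lookups at all (older releases spell this "ip domain-lookup").
ip domain lookup
!
! Upstream resolver that receives every query the router cannot answer from its host table.
ip name-server 203.0.113.53
!
! Static entry answered locally: inside clients receive the inside address,
! never the Dialer/public address that the outside DNS zone publishes.
ip host xyz.com 172.16.0.2
!
! Turn on the DNS server function; host-table names are answered here,
! all other names are forwarded to the name-server above and the reply relayed.
ip dns server
```

The 192.168.1.0/24 clients (and, through the ASA, the 172.16.0.0/24 clients) must then use the router's inside address as their DNS server, either in their static settings or via `dns-server` in the router's `ip dhcp pool`. `show hosts` on the router lists the static entries, and an nslookup of xyz.com from a client should now return 172.16.0.2. Two caveats: every internal service name has to be listed with its own `ip host` line, since only host-table names are rewritten, and this changes name resolution only. A client that connects to the public address directly still depends on the static NAT to the Dialer interface that the original post mentions, which outside users need in any case.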
