[nsp] NAT question

Bruce Pinsky bep at whack.org
Mon Feb 2 19:01:53 EST 2004

Jay Nakamura wrote:
|>Why not solve this with DNS?  If you are running BIND 8.x or 9.x you should
|>be able to use views to provide different IP address resolution to the
|>hosts inside vs the hosts outside your network.
| This is for a customer and they don't have their own DNS server nor the
| technical acumen to set up one.
| They are mostly upset because the cheap-o Linksys did this fine and now that
| they upgraded to a Cisco, it stopped working.

Depending on the location of the DNS server used by the inside clients, the
IP address could get fixed up by the router.  If the DNS server is outside
their network, I think you would need to loosen up the NAT ip access list
to allow packets between inside the network and the DNS server to get NAT'd
(and thus fixed up).

If the DNS server used by the clients is inside their network, they should
probably remove www.foobar.com from resolving inside and forward it to the
outside DNS server to be resolved and subsequently fixed up.

