[c-nsp] IOS DNS Question

Brian Turnbow b.turnbow at twt.it
Mon Jul 4 11:51:41 EDT 2005


Take a look a nat on a stick 

 
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094430.shtml


Brian
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Paul Stewart
Sent: lunedì 4 luglio 2005 17.09
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] IOS DNS Question

Hi everyone...
 
I have a client that we manage a router for... here's what they need (trying
to find best solution)...
 
They have a single static IP address from us that has:
 
ip nat inside source list 102 interface Dialer0 overload
ip nat inside source static tcp 192.168.2.4 389 interface Dialer0 389
ip nat inside source static tcp 192.168.2.4 709 interface Dialer0 709
ip nat inside source static tcp 192.168.2.4 829 interface Dialer0 829
ip nat inside source static tcp 192.168.2.6 1723 interface Dialer0 1723
ip nat inside source static tcp 192.168.2.4 3389 interface Dialer0 3389
ip nat inside source static tcp 192.168.2.4 80 interface Dialer0 80
ip nat inside source static tcp 192.168.2.4 21 interface Dialer0 21

for NAT translations.  The outside world knows their site by a domain name
http://www.123.com for example and this works fine from outside world.  From
internally, they can't surf this site by domain name because it resolves to
their public IP and NAT won't send them "back in" to their network... is
there a way around this? 
 
One suggestion I had from a person at Networkers was to turn up DNS on the
router.  I'm told that the DNS server on the router is smart enough to
provide the internal IP to users who are on the NAT'ed side of the network??
 
Any ideas would be great.. this customer is bugging me for answers.... our
last resort is to setup a DNS server on a linux box on our side and have
their internal network use it.... the customer refuses to make changes to
their already existing internal active directory DNS server which could
easily solve this problem...
 
Thanks,
 
Paul Stewart
 
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list