Cisco: NAT - OpenDNS

Posted on 2013-01-30
Last Modified: 2013-01-31
I have 5 external IPs - Primary Secondary on Cisco 2800

For OpenDNS to work it must see the WAN side IP of the inbound DNS request. To have multiple filtering rules I need to use one WAN side IP per subnet translated.

The issue I have is that I can only get the system to see the WAN side address if I use a local DNS server and NAT that to the WAN side IP...

What I want to do is skip the internal DNS server and have the DHCP give out the public DNS server IPs then have the entire subnet look like it's coming from the WAN side IP.

I want / 24 to translate to and  / 24 translating to

ip nat pool cahs_guest netmask
ip nat pool cahs netmask

ip nat inside source list 1 pool cahs  overload
ip nat inside source list 2 pool cahs_guest overload

Then I have the subnets in the pool.

The only way it is working is with:

ip nat inside source static
Question by: jpcoon

Assisted Solution

Frabble earned 125 total points
ID: 38837646
Presumably you also have:
access-list 1 permit ip
access-list 2 permit ip

and ip nat inside, ip nat outside on the required interfaces.

This should work. When you're attempting connections, what is the output from:
show ip nat translations

Accepted Solution

rauenpc earned 125 total points
ID: 38838104

Author Comment

ID: 38841231
There was a typo in my ip nat pool statement

Author Closing Comment

ID: 38841233
Thanks for the direction
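
The thread ends with a typo in an `ip nat pool` statement and does not say which one. As an added example (not code from the thread), this Python check cross-references pool, ACL and rule statements in the form shown in the question and flags overlapping pools, since each subnet needs its own WAN address for OpenDNS to tell them apart. All addresses are constructed documentation values, and numbered ACLs are assumed.

```python
import ipaddress
import itertools
import re

# Constructed sample (RFC 5737 / RFC 1918 addresses, not the poster's values).
# Deliberate typo: the guest pool is defined as "cahs_gest".
SAMPLE = """\
ip nat pool cahs 203.0.113.2 203.0.113.2 netmask 255.255.255.248
ip nat pool cahs_gest 203.0.113.3 203.0.113.3 netmask 255.255.255.248
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 2 permit 192.168.20.0 0.0.0.255
ip nat inside source list 1 pool cahs overload
ip nat inside source list 2 pool cahs_guest overload
"""

POOL = re.compile(r"ip nat pool (\S+) (\S+) (\S+) (?:netmask|prefix-length) (\S+)$")
RULE = re.compile(r"ip nat inside source list (\S+) pool (\S+)")
ACL = re.compile(r"access-list (\S+) permit ")

def check_nat(config):
    """Return a list of problems in the pool / ACL / rule cross-references."""
    pools, acls, rules, problems = {}, set(), [], []
    for line in (" ".join(raw.split()) for raw in config.splitlines()):
        if m := POOL.match(line):
            name, start, end, mask = m.groups()
            try:
                net = ipaddress.ip_network(f"{start}/{mask}", strict=False)
                first, last = ipaddress.ip_address(start), ipaddress.ip_address(end)
                if last not in net or last < first:
                    problems.append(f"pool {name}: {end} does not fit {start} in {net}")
                pools[name] = (first, last)
            except ValueError as exc:  # bad address or mask
                problems.append(f"pool {name}: {exc}")
        elif line.startswith("ip nat pool"):
            problems.append(f"unparsed pool statement: {line}")
        elif m := RULE.match(line):
            rules.append(m.groups())
        elif m := ACL.match(line):
            acls.add(m.group(1))
    for acl, pool in rules:
        if acl not in acls:
            problems.append(f"list {acl}: access-list is not defined")
        if pool not in pools:
            problems.append(f"list {acl}: pool {pool} is not defined")
    # Each subnet needs its own WAN address, so pool ranges must not overlap.
    for a, b in itertools.combinations(sorted(pools), 2):
        if pools[a][0] <= pools[b][1] and pools[b][0] <= pools[a][1]:
            problems.append(f"pools {a} and {b} overlap")
    return problems
```

Running `check_nat(SAMPLE)` reports that list 2 references an undefined pool. Once the configuration is clean, `show ip nat translations` on the router confirms which inside global address each subnet actually uses.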


Question has a verified solution.
