Solved

Cisco: NAT - OpenDNS

Posted on 2013-01-30
4
506 Views
Last Modified: 2013-01-31
I have 5 external IPs

10.10.10.1 - 10.10.10.5

10.10.10.1 Primary
10.10.10.2 Secondary on Cisco 2800

For OpenDNS to work it must see the WAN side IP of inbound DNS request. To have multiple filtering rules I need to use one WAN side IP per subnet translated.

The issues I have is that I can only get the system to see the WAN side address if I use a local DNS server NAT that to the WAN side IP....

What I want to do is skip the internal DNS server and have the DHCP give out the public DNS server IPs then have the entire subnet look like it's coming from the WAN side IP.

I want 172.16.0.0 / 24 to translate to 10.10.10.1 and 172.16.1.0  / 24 translating to 10.10.10.2


ip nat pool cahs_guest 10.10.10.1 10.10.10.1 netmask 255.255.255.224
ip nat pool cahs 10.10.10.2 10.10.10.2 netmask 255.255.255.224

ip nat inside source list 1 pool cahs  overload
ip nat inside source list 2 pool cahs_guest overload

Then I have the subnets in the pool.

The only way it is working is with:

ip nat inside source static 172.16.0.5 10.10.10.2
0
Comment
Question by:jpcoon
  • 2
4 Comments
 
LVL 15

Assisted Solution

by:Frabble
Frabble earned 125 total points
Comment Utility
Presumably you also have:
access-list 1 permit ip 172.16.1.0 0.0.0.255
access-list 2 permit ip 172.16.0.0 0.0.0.255

and ip nat inside, ip nat outside on the required interfaces.

This should work. When you're attempting connections, what is the output from:
show ip nat translations
0
 
LVL 20

Accepted Solution

by:
rauenpc earned 125 total points
Comment Utility
0
 

Author Comment

by:jpcoon
Comment Utility
There was a typo in my ip nat pool statement
0
 

Author Closing Comment

by:jpcoon
Comment Utility
Thanks for the direction
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

It happens many times that access list (ACL) have to be applied to outgoing router interface in order to limit some traffic.This article is about how to test ACL from the router which is not very intuitive for everyone. Below scenario shows simple s…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now