Solved

Cisco: NAT - OpenDNS

Posted on 2013-01-30
4
515 Views
Last Modified: 2013-01-31
I have 5 external IPs

10.10.10.1 - 10.10.10.5

10.10.10.1 Primary
10.10.10.2 Secondary on Cisco 2800

For OpenDNS to work it must see the WAN side IP of inbound DNS request. To have multiple filtering rules I need to use one WAN side IP per subnet translated.

The issues I have is that I can only get the system to see the WAN side address if I use a local DNS server NAT that to the WAN side IP....

What I want to do is skip the internal DNS server and have the DHCP give out the public DNS server IPs then have the entire subnet look like it's coming from the WAN side IP.

I want 172.16.0.0 / 24 to translate to 10.10.10.1 and 172.16.1.0  / 24 translating to 10.10.10.2


ip nat pool cahs_guest 10.10.10.1 10.10.10.1 netmask 255.255.255.224
ip nat pool cahs 10.10.10.2 10.10.10.2 netmask 255.255.255.224

ip nat inside source list 1 pool cahs  overload
ip nat inside source list 2 pool cahs_guest overload

Then I have the subnets in the pool.

The only way it is working is with:

ip nat inside source static 172.16.0.5 10.10.10.2
0
Comment
Question by:jpcoon
  • 2
4 Comments
 
LVL 15

Assisted Solution

by:Frabble
Frabble earned 125 total points
ID: 38837646
Presumably you also have:
access-list 1 permit ip 172.16.1.0 0.0.0.255
access-list 2 permit ip 172.16.0.0 0.0.0.255

and ip nat inside, ip nat outside on the required interfaces.

This should work. When you're attempting connections, what is the output from:
show ip nat translations
0
 
LVL 20

Accepted Solution

by:
rauenpc earned 125 total points
ID: 38838104
0
 

Author Comment

by:jpcoon
ID: 38841231
There was a typo in my ip nat pool statement
0
 

Author Closing Comment

by:jpcoon
ID: 38841233
Thanks for the direction
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Problem Description:   Couple of months ago we upgraded the ADSL line at our branch office from Home to Business line. The purpose of transforming the service to have static public IP’s. We were in need for public IP’s to publish our web resour…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now