Cisco: NAT - OpenDNS
I have 5 external IPs
10.10.10.1 - 10.10.10.5
10.10.10.1 Primary
10.10.10.2 Secondary on Cisco 2800
For OpenDNS to work it must see the WAN side IP of inbound DNS request. To have multiple filtering rules I need to use one WAN side IP per subnet translated.
The issues I have is that I can only get the system to see the WAN side address if I use a local DNS server NAT that to the WAN side IP....
What I want to do is skip the internal DNS server and have the DHCP give out the public DNS server IPs then have the entire subnet look like it's coming from the WAN side IP.
I want 172.16.0.0 / 24 to translate to 10.10.10.1 and 172.16.1.0 / 24 translating to 10.10.10.2
ip nat pool cahs_guest 10.10.10.1 10.10.10.1 netmask 255.255.255.224
ip nat pool cahs 10.10.10.2 10.10.10.2 netmask 255.255.255.224
ip nat inside source list 1 pool cahs overload
ip nat inside source list 2 pool cahs_guest overload
Then I have the subnets in the pool.
The only way it is working is with:
ip nat inside source static 172.16.0.5 10.10.10.2
10.10.10.1 - 10.10.10.5
10.10.10.1 Primary
10.10.10.2 Secondary on Cisco 2800
For OpenDNS to work it must see the WAN side IP of inbound DNS request. To have multiple filtering rules I need to use one WAN side IP per subnet translated.
The issues I have is that I can only get the system to see the WAN side address if I use a local DNS server NAT that to the WAN side IP....
What I want to do is skip the internal DNS server and have the DHCP give out the public DNS server IPs then have the entire subnet look like it's coming from the WAN side IP.
I want 172.16.0.0 / 24 to translate to 10.10.10.1 and 172.16.1.0 / 24 translating to 10.10.10.2
ip nat pool cahs_guest 10.10.10.1 10.10.10.1 netmask 255.255.255.224
ip nat pool cahs 10.10.10.2 10.10.10.2 netmask 255.255.255.224
ip nat inside source list 1 pool cahs overload
ip nat inside source list 2 pool cahs_guest overload
Then I have the subnets in the pool.
The only way it is working is with:
ip nat inside source static 172.16.0.5 10.10.10.2
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the direction
ASKER