<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic EzVPN with DNS forwarding in Network Security</title>
    <link>https://community.cisco.com/t5/network-security/ezvpn-with-dns-forwarding/m-p/603269#M1054990</link>
    <description>&lt;P&gt;I use my router itself as a DNS forwarder. Unfortunately, when a domain query is requested on the LAN side, the packet is sourced with the outside interface IP address, which is outside the EzVPN tunnel, and thus the reply does not find its way back. Can anybody suggest a way to solve this issue please? Maybe NATing the source packet for UDP and TCP 53 somehow to traverse the EzVPN tunnel? PS. "ip domain lookup source-interface..." is not taking effect in this EzVPN case. Please see my attached router config.&lt;/P&gt;&lt;P&gt;EzVPN Client - Network Extension (this router 871.. IOS 12.4.9)&lt;/P&gt;&lt;P&gt;EzVPN Server - VPN3030&lt;/P&gt;</description>
    <pubDate>Fri, 21 Feb 2020 09:01:00 GMT</pubDate>
    <dc:creator>hadbihas</dc:creator>
    <dc:date>2020-02-21T09:01:00Z</dc:date>
    <item>
      <title>EzVPN with DNS forwarding</title>
      <link>https://community.cisco.com/t5/network-security/ezvpn-with-dns-forwarding/m-p/603269#M1054990</link>
      <description>&lt;P&gt;I use my router itself as a DNS forwarder. Unfortunately, when a domain query is requested on the LAN side, the packet is sourced with the outside interface IP address, which is outside the EzVPN tunnel, and thus the reply does not find its way back. Can anybody suggest a way to solve this issue please? Maybe NATing the source packet for UDP and TCP 53 somehow to traverse the EzVPN tunnel? PS. "ip domain lookup source-interface..." is not taking effect in this EzVPN case. Please see my attached router config.&lt;/P&gt;&lt;P&gt;EzVPN Client - Network Extension (this router 871.. IOS 12.4.9)&lt;/P&gt;&lt;P&gt;EzVPN Server - VPN3030&lt;/P&gt;</description>
      <pubDate>Fri, 21 Feb 2020 09:01:00 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/ezvpn-with-dns-forwarding/m-p/603269#M1054990</guid>
      <dc:creator>hadbihas</dc:creator>
      <dc:date>2020-02-21T09:01:00Z</dc:date>
    </item>
    <item>
      <title>Re: EzVPN with DNS forwarding</title>
      <link>https://community.cisco.com/t5/network-security/ezvpn-with-dns-forwarding/m-p/603270#M1054998</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Maybe you can create an extended access list that doesn't allow NATing for DNS queries, which are TCP/UDP 53, and allows NATing for the services needed. For more information, refer to the following URL on creating access lists.&lt;/P&gt;&lt;P&gt;&lt;A class="jive-link-custom" href="http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_command_reference_chapter09186a008017d1d4.html" target="_blank"&gt;http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_command_reference_chapter09186a008017d1d4.html&lt;/A&gt;.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Wed, 05 Jul 2006 12:15:03 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/ezvpn-with-dns-forwarding/m-p/603270#M1054998</guid>
      <dc:creator>pradeepde</dc:creator>
      <dc:date>2006-07-05T12:15:03Z</dc:date>
    </item>
    <item>
      <title>Re: EzVPN with DNS forwarding</title>
      <link>https://community.cisco.com/t5/network-security/ezvpn-with-dns-forwarding/m-p/603271#M1055002</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Sorry, I don't understand what you mean. The issue here is that the domain packet is sourced with the outside address (no NATing happens anyway!). I had actually tried NATing the source address for a UDP/TCP 53 packet to the inside 10.xxx.. address, which is supposed to solve the issue for the return packet, but I still can't make it traverse the EzVPN tunnel!!&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Wed, 05 Jul 2006 13:54:02 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/ezvpn-with-dns-forwarding/m-p/603271#M1055002</guid>
      <dc:creator>hadbihas</dc:creator>
      <dc:date>2006-07-05T13:54:02Z</dc:date>
    </item>
  </channel>
</rss>

