- Cisco Community
- Technology and Support
- Networking
- Network Management
- Re: 4431 cannot resolve DNS from internal
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
4431 cannot resolve DNS from internal
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-11-2018 02:14 AM
Dear community,
I have been struggling to resolve my issue. I have ISR 4431 configured via GigabitEthernet0/0/1.2 to my ISP (vlan).
Internal networks are as other vlans on subinterfaces.
From the level of router i am able to ping google.com (as well as 8.8.8.8) and it resolves it. From any internal network (fe 10.10.10.0) i am able to ping any IP i want but it cannot resolve names. When i turned on ip error debugging on router i can observe a lot of "dispose udp.noport" errrors.:
Nov 11 09:57:13.358: IP: s=8.8.8.8 (GigabitEthernet0/0/1.2), d=10.10.10.2 (GigabitEthernet0/0/0), len 91, dispose udp.noport Nov 11 09:57:13.370: IP: s=8.8.8.8 (GigabitEthernet0/0/1.2), d=10.10.10.2, len 91, dispose udp.noport Nov 11 09:57:14.385: IP: s=8.8.8.8 (GigabitEthernet0/0/1.2), d=10.10.10.2 (GigabitEthernet0/0/0), len 91, dispose udp.noport Nov 11 09:57:16.386: IP: s=8.8.8.8 (GigabitEthernet0/0/1.2), d=10.10.10.2 (GigabitEthernet0/0/0), len 91, dispose udp.noport Nov 11 09:57:20.396: IP: s=8.8.8.8 (GigabitEthernet0/0/1.2), d=10.10.10.2 (GigabitEthernet0/0/0), len 91, dispose udp.noport
Please help as i searched and it means that no application is listening on given port but i dont know how to understand that. Attached is my config. Can anyone please help ?
- Labels:
-
Network Management
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-11-2018 02:47 AM
From PC can you do nslookup google.com and post the output here.
in your config i see some config related to DNS can you explain ?
domain resolver source-interface GigabitEthernet0/0/2.1 dns forwarder 192.168.1.1 dns forwarder A.B.C.D dns forwarding source-interface GigabitEthernet0/0/1.2
Can you ping cisco,com using source if internal interface ? can you post that output.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-11-2018 03:08 AM
Thank you for a reply !
Nslookup from PC assigned to any internal network gives ";; connection timed out; no servers could be reached"
These lines are my failed attempts to fix it by setting up 4431 as a internal DNS server and to forward the queries to external google DNS server. I can delete them, i forgot to delete them before pasting the config, sorry. A B C D is my external ip address assigned to GigabitEthernet0/0/1.2 which i deleted from the config because of security reasons.
Yes, i am able to ping cisco.com from the router using internal IP interface:
feniks_wat#ping cisco.com source 10.10.10.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 72.163.4.185, timeout is 2 seconds: Packet sent with a source address of 10.10.10.1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 135/135/136 ms
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-11-2018 03:28 AM
Is your PC getting DHCP From router or Static IP.
can you post PC output
ipconfig /all
nslookup cisco.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-11-2018 03:42 AM
It is a static IP.
Output of ipconfig:
C:\Users\Piotr>ipconfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : DESKTOP-E89TIDT Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No Ethernet adapter Ethernet: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Killer E2200 Gigabit Ethernet Controller Physical Address. . . . . . . . . : 8C-89-A5-09-28-95 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 10.10.10.2(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 10.10.10.1 DNS Servers . . . . . . . . . . . : 8.8.8.8 NetBIOS over Tcpip. . . . . . . . : Enabled
Output of nslookup:
C:\Users\Piotr>nslookup cisco.com DNS request timed out. timeout was 2 seconds. Server: UnKnown Address: 8.8.8.8 DNS request timed out. timeout was 2 seconds. DNS request timed out. timeout was 2 seconds. DNS request timed out. timeout was 2 seconds. DNS request timed out. timeout was 2 seconds. *** Request to UnKnown timed-out
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-11-2018 03:53 AM
OK your PC configured to use 8.8.8.8 DNS, but its not reaching to 8.8.8.8 to resolve nslookup
Can you check on xlate on router when you doing nslookup on PC. ( as you confirmed you able to ping from router)
your output scrambled hard to read it, make sure you post in simple text output so we can ready and advise.
post show nat translate and new running config to review.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-11-2018 05:15 AM
Yes, i am able to ping cisco.com from the router.
Here is a NAT table during nslookup from linux PC (glados) connected via 192.168.1.4:
Pro Inside global Inside local Outside local Outside global
--- EXT_IP_2 192.168.2.3 --- ---
udp EXT_IP_1:53 192.168.1.0:53 --- ---
udp EXT_IP_1:80 192.168.1.0:80 --- ---
udp 10.10.10.1:53 10.10.10.1:53 --- ---
icmp EXT_IP_2:0 192.168.2.3:0 171.13.14.12:0 171.13.14.12:0
tcp EXT_IP_1:1052 192.168.1.4:39934 8.8.8.8:53 8.8.8.8:53
icmp EXT_IP_2:18358 192.168.2.3:18358 193.105.35.248:18358 193.105.35.248:18358
icmp EXT_IP_1:26 192.168.1.4:1991 8.8.8.8:1991 8.8.8.8:26
udp EXT_IP_1:1070 10.10.10.3:37536 213.199.225.30:123 213.199.225.30:123
icmp EXT_IP_1:1 10.10.10.1:0 10.10.10.3:0 10.10.10.3:1
tcp EXT_IP_1:1029 192.168.1.4:39888 8.8.8.8:53 8.8.8.8:53
tcp EXT_IP_1:520 192.168.1.4:39960 8.8.8.8:53 8.8.8.8:53
tcp EXT_IP_1:566 192.168.1.4:40472 8.8.8.8:53 8.8.8.8:53
tcp EXT_IP_1:563 192.168.1.4:40464 8.8.8.8:53 8.8.8.8:53
icmp EXT_IP_1:53 192.168.1.4:23900 8.8.8.8:23900 8.8.8.8:53
tcp EXT_IP_1:529 192.168.1.4:39998 8.8.8.8:53 8.8.8.8:53
tcp EXT_IP_1:1025 192.168.1.5:54252 104.197.3.80:80 104.197.3.80:80
icmp EXT_IP_1:41 192.168.1.4:2809 8.8.8.8:2809 8.8.8.8:41
icmp EXT_IP_2:0 192.168.2.3:0 37.49.231.164:0 37.49.231.164:0
tcp EXT_IP_1:516 192.168.1.4:39944 8.8.8.8:53 8.8.8.8:53
icmp EXT_IP_2:1784 192.168.2.3:1784 94.130.40.141:1784 94.130.40.141:1784
udp EXT_IP_1:1058 10.10.10.3:47486 193.219.28.147:123 193.219.28.147:123
tcp EXT_IP_1:560 192.168.1.4:40456 8.8.8.8:53 8.8.8.8:53
icmp EXT_IP_1:42 10.10.10.1:18746 10.10.10.5:18746 10.10.10.5:42
icmp EXT_IP_2:0 192.168.2.3:0 74.208.47.90:0 74.208.47.90:0
icmp EXT_IP_2:1 192.168.2.3:1 200.7.6.129:1 200.7.6.129:1
icmp EXT_IP_2:0 192.168.2.3:0 74.82.47.37:0 74.82.47.37:0
tcp EXT_IP_1:527 192.168.1.4:39982 8.8.8.8:53 8.8.8.8:53
tcp EXT_IP_2:9006 192.168.2.3:9006 193.106.31.194:58130 193.106.31.194:58130
tcp EXT_IP_1:567 192.168.1.4:40494 8.8.8.8:53 8.8.8.8:53
tcp EXT_IP_2:9006 192.168.2.3:9006 193.106.31.194:58130 193.106.31.194:58130
tcp EXT_IP_1:567 192.168.1.4:40494 8.8.8.8:53 8.8.8.8:53
udp EXT_IP_2:17 192.168.2.3:17 74.82.47.37:10635 74.82.47.37:10635
icmp EXT_IP_2:0 192.168.2.3:0 184.105.139.107:0 184.105.139.107:0
icmp EXT_IP_2:0 192.168.2.3:0 209.197.191.71:0 209.197.191.71:0
icmp EXT_IP_1:3 10.10.10.1:12177 10.10.10.3:12177 10.10.10.3:3
icmp EXT_IP_1:8 10.10.10.3:13766 8.8.8.8:13766 8.8.8.8:8
udp EXT_IP_2:5060 192.168.2.3:5060 209.197.191.71:5073 209.197.191.71:5073
tcp EXT_IP_1:1044 192.168.1.4:39918 8.8.8.8:53 8.8.8.8:53
tcp EXT_IP_1:539 192.168.1.4:40162 8.8.8.8:53 8.8.8.8:53
icmp EXT_IP_1:30 10.10.10.1:97 212.77.98.9:97 212.77.98.9:30
icmp EXT_IP_1:35 192.168.1.4:2790 8.8.8.8:2790 8.8.8.8:35
tcp EXT_IP_1:1040 192.168.1.4:39910 8.8.8.8:53 8.8.8.8:53
udp EXT_IP_1:1057 10.10.10.3:54369 194.29.130.252:123 194.29.130.252:123
udp EXT_IP_1:1059 10.10.10.3:39357 195.46.37.22:123 195.46.37.22:123
icmp EXT_IP_1:49 192.168.1.4:2984 10.10.10.2:2984 10.10.10.2:49
udp EXT_IP_1:1061 10.10.10.3:57935 195.189.85.132:123 195.189.85.132:123
tcp EXT_IP_2:8080 192.168.2.3:8080 69.64.185.166:51060 69.64.185.166:51060
tcp EXT_IP_2:8080 192.168.2.3:8080 182.16.184.178:60087 182.16.184.178:60087
icmp EXT_IP_2:0 192.168.2.3:0 212.83.142.211:0 212.83.142.211:0
icmp EXT_IP_2:0 192.168.2.3:0 198.61.166.201:0 198.61.166.201:0
icmp EXT_IP_1:54 192.168.1.4:24028 8.8.8.8:24028 8.8.8.8:54
tcp EXT_IP_1:519 192.168.1.4:39958 8.8.8.8:53 8.8.8.8:53
tcp EXT_IP_1:542 192.168.1.4:40210 8.8.8.8:53 8.8.8.8:53
icmp EXT_IP_1:7 10.10.10.3:13765 8.8.8.8:13765 8.8.8.8:7
tcp EXT_IP_1:572 192.168.1.4:40982 8.8.8.8:53 8.8.8.8:53
icmp EXT_IP_1:23 192.168.1.1:75 212.77.98.9:75 212.77.98.9:23
udp EXT_IP_1:1063 10.10.10.3:44224 188.165.17.91:123 188.165.17.91:123
icmp EXT_IP_2:18393 192.168.2.3:18393 193.105.35.248:18393 193.105.35.248:18393
icmp EXT_IP_2:0 192.168.2.3:0 37.49.231.159:0 37.49.231.159:0
udp EXT_IP_1:513 192.168.1.1:67 8.8.8.8:67 8.8.8.8:67
icmp EXT_IP_1:43 10.10.10.1:18825 10.10.10.5:18825 10.10.10.5:43
icmp EXT_IP_2:0 192.168.2.3:0 37.49.231.71:0 37.49.231.71:0
icmp EXT_IP_1:31 10.10.10.1:98 212.77.98.9:98 212.77.98.9:31
udp EXT_IP_2:5060 192.168.2.3:5060 212.83.142.211:65167 212.83.142.211:65167
icmp EXT_IP_1:21 10.10.10.1:73 212.77.98.9:73 212.77.98.9:21
icmp EXT_IP_1:6 10.10.10.3:13685 8.8.8.8:13685 8.8.8.8:6
icmp EXT_IP_1:19 192.168.1.4:424 8.8.8.8:424 8.8.8.8:19
tcp EXT_IP_2:2446 192.168.2.3:2446 176.119.4.32:56999 176.119.4.32:56999
udp EXT_IP_1:1026 192.168.1.4:48397 91.189.94.4:123 91.189.94.4:123
udp EXT_IP_1:1056 10.10.10.3:53596 193.25.222.240:123 193.25.222.240:123
tcp EXT_IP_1:1028 192.168.1.4:39886 8.8.8.8:53 8.8.8.8:53
tcp EXT_IP_1:599 192.168.1.4:42058 8.8.8.8:53 8.8.8.8:53
tcp EXT_IP_1:1024 192.168.1.4:39878 8.8.8.8:53 8.8.8.8:53
tcp EXT_IP_1:548 192.168.1.4:40296 8.8.8.8:53 8.8.8.8:53
icmp EXT_IP_1:25 192.168.1.4:1988 8.8.8.8:1988 8.8.8.8:25
tcp EXT_IP_1:540 192.168.1.4:40164 8.8.8.8:53 8.8.8.8:53
udp EXT_IP_1:1060 10.10.10.3:52287 192.86.14.67:123 192.86.14.67:123
tcp EXT_IP_1:1041 192.168.1.4:39912 8.8.8.8:53 8.8.8.8:53
icmp EXT_IP_1:27 192.168.1.4:2024 8.8.8.8:2024 8.8.8.8:27
tcp EXT_IP_1:523 192.168.1.4:39968 8.8.8.8:53 8.8.8.8:53
icmp EXT_IP_1:14 192.168.1.2:0 212.91.11.105:0 212.91.11.105:14
tcp EXT_IP_1:544 192.168.1.4:40228 8.8.8.8:53 8.8.8.8:53
tcp EXT_IP_2:80 192.168.2.3:80 62.173.154.228:6 62.173.154.228:6
udp EXT_IP_1:1068 10.10.10.3:35040 94.154.96.7:123 94.154.96.7:123
icmp EXT_IP_1:48 192.168.1.4:2981 10.10.10.2:2981 10.10.10.2:48
tcp EXT_IP_1:515 192.168.1.4:39942 8.8.8.8:53 8.8.8.8:53
udp EXT_IP_1:1066 10.10.10.3:52439 193.219.28.2:123 193.219.28.2:123
tcp EXT_IP_2:8080 192.168.2.3:8080 223.133.183.112:55069 223.133.183.112:55069
udp EXT_IP_1:1067 10.10.10.3:47883 193.70.94.182:123 193.70.94.182:123
tcp EXT_IP_1:1046 192.168.1.4:39922 8.8.8.8:53 8.8.8.8:53
tcp EXT_IP_2:2994 192.168.2.3:2994 176.119.4.32:56999 176.119.4.32:56999
icmp EXT_IP_1:17 192.168.1.4:336 8.8.8.8:336 8.8.8.8:17
icmp EXT_IP_1:4 10.10.10.1:12179 10.10.10.3:12179 10.10.10.3:4
icmp EXT_IP_1:22 192.168.1.1:74 212.77.98.9:74 212.77.98.9:22
udp EXT_IP_1:512 10.10.10.2:137 10.10.10.255:137 10.10.10.255:137
tcp EXT_IP_1:1050 192.168.1.4:39930 8.8.8.8:53 8.8.8.8:53
tcp EXT_IP_2:8080 192.168.2.3:8080 91.198.76.130:53775 91.198.76.130:53775
icmp EXT_IP_1:18 192.168.1.4:379 8.8.8.8:379 8.8.8.8:18
tcp EXT_IP_2:80 192.168.2.3:80 178.47.29.246:65010 178.47.29.246:65010
udp EXT_IP_2:53334 192.168.2.3:53334 37.49.231.51:5185 37.49.231.51:5185
udp EXT_IP_1:1062 10.10.10.3:48198 31.216.56.5:123 31.216.56.5:123
tcp EXT_IP_1:1035 192.168.1.4:39900 8.8.8.8:53 8.8.8.8:53
tcp EXT_IP_2:8080 192.168.2.3:8080 120.72.21.39:43993 120.72.21.39:43993
udp EXT_IP_1:1074 10.10.10.3:37438 159.253.242.123:123 159.253.242.123:123
tcp EXT_IP_1:1031 192.168.1.4:39892 8.8.8.8:53 8.8.8.8:53
icmp EXT_IP_2:0 192.168.2.3:0 37.49.231.51:0 37.49.231.51:0
tcp EXT_IP_1:522 192.168.1.4:39964 8.8.8.8:53 8.8.8.8:53
icmp EXT_IP_2:0 192.168.2.3:0 62.210.6.24:0 62.210.6.24:0
icmp EXT_IP_1:15 192.168.1.2:0 8.8.8.8:0 8.8.8.8:15
udp EXT_IP_2:51815 192.168.2.3:51815 37.49.231.51:5185 37.49.231.51:5185
icmp EXT_IP_1:29 10.10.10.1:89 212.77.98.9:89 212.77.98.9:29
udp EXT_IP_2:5060 192.168.2.3:5060 37.49.231.71:5062 37.49.231.71:5062
icmp EXT_IP_1:51 192.168.1.4:23873 8.8.8.8:23873 8.8.8.8:51
icmp EXT_IP_1:12 10.10.10.3:14301 8.8.8.8:14301 8.8.8.8:12
icmp EXT_IP_1:45 192.168.1.4:2841 8.8.8.8:2841 8.8.8.8:45
tcp EXT_IP_1:1055 192.168.1.4:39940 8.8.8.8:53 8.8.8.8:53
icmp EXT_IP_1:24 192.168.1.4:1974 8.8.8.8:1974 8.8.8.8:24
udp EXT_IP_1:1024 192.168.1.4:59412 91.189.94.4:123 91.189.94.4:123
tcp EXT_IP_1:558 192.168.1.4:40452 8.8.8.8:53 8.8.8.8:53
tcp EXT_IP_1:561 192.168.1.4:40460 8.8.8.8:53 8.8.8.8:53
icmp EXT_IP_2:47430 192.168.2.3:47430 195.169.125.251:47430 195.169.125.251:47430
icmp EXT_IP_1:28 192.168.1.4:2040 8.8.8.8:2040 8.8.8.8:28
tcp EXT_IP_1:525 192.168.1.4:39978 8.8.8.8:53 8.8.8.8:53
udp EXT_IP_2:5060 192.168.2.3:5060 62.210.6.24:5078 62.210.6.24:5078
tcp EXT_IP_1:576 192.168.1.4:41002 8.8.8.8:53 8.8.8.8:53
udp EXT_IP_2:8060 192.168.2.3:8060 37.49.231.159:5014 37.49.231.159:5014
tcp EXT_IP_1:547 192.168.1.4:40290 8.8.8.8:53 8.8.8.8:53
udp EXT_IP_1:1029 192.168.1.4:60205 8.8.8.8:53 8.8.8.8:53
udp EXT_IP_2:28 192.168.2.3:28 171.13.14.12:14064 171.13.14.12:14064
icmp EXT_IP_1:40 10.10.10.1:106 212.77.98.9:106 212.77.98.9:40
icmp EXT_IP_2:291 192.168.2.3:291 46.201.224.85:291 46.201.224.85:291
udp EXT_IP_2:5060 192.168.2.3:5060 198.61.166.201:5069 198.61.166.201:5069
icmp EXT_IP_1:44 10.10.10.1:18832 10.10.10.5:18832 10.10.10.5:44
icmp EXT_IP_1:46 192.168.1.4:2861 8.8.8.8:2861 8.8.8.8:46
tcp EXT_IP_1:528 192.168.1.4:39996 8.8.8.8:53 8.8.8.8:53
icmp EXT_IP_1:33 192.168.1.4:2561 8.8.8.8:2561 8.8.8.8:33
tcp EXT_IP_1:568 192.168.1.4:40500 8.8.8.8:53 8.8.8.8:53
udp EXT_IP_1:1027 192.168.1.4:50457 91.189.89.198:123 91.189.89.198:123
udp EXT_IP_2:51139 192.168.2.3:51139 37.49.231.51:5185 37.49.231.51:5185
tcp EXT_IP_1:564 192.168.1.4:40466 8.8.8.8:53 8.8.8.8:53
udp EXT_IP_1:1028 192.168.1.4:35447 91.189.89.199:123 91.189.89.199:123
icmp EXT_IP_1:9 10.10.10.3:13774 8.8.8.8:13774 8.8.8.8:9
tcp EXT_IP_1:543 192.168.1.4:40222 8.8.8.8:53 8.8.8.8:53
icmp EXT_IP_2:0 192.168.2.3:0 51.15.22.211:0 51.15.22.211:0
icmp EXT_IP_1:16 192.168.1.4:32763 8.8.8.8:32763 8.8.8.8:16
icmp EXT_IP_1:5 10.10.10.3:12185 8.8.8.8:12185 8.8.8.8:5
tcp EXT_IP_1:546 192.168.1.4:40282 8.8.8.8:53 8.8.8.8:53
udp EXT_IP_2:5060 192.168.2.3:5060 51.15.22.211:5061 51.15.22.211:5061
udp EXT_IP_2:443 192.168.2.3:443 185.200.118.46:47247 185.200.118.46:47247
tcp EXT_IP_1:1030 192.168.1.4:39890 8.8.8.8:53 8.8.8.8:53
udp EXT_IP_2:11211 192.168.2.3:11211 184.105.139.107:21884 184.105.139.107:21884
tcp EXT_IP_1:1034 192.168.1.4:39898 8.8.8.8:53 8.8.8.8:53
icmp EXT_IP_1:47 192.168.1.4:2912 8.8.8.8:2912 8.8.8.8:47
udp EXT_IP_2:52363 192.168.2.3:52363 37.49.231.51:5185 37.49.231.51:5185
icmp EXT_IP_1:37 10.10.10.1:99 10.10.10.2:99 10.10.10.2:37
icmp EXT_IP_1:38 10.10.10.1:100 10.10.10.2:100 10.10.10.2:38
icmp EXT_IP_1:11 10.10.10.1:11 212.77.98.9:11 212.77.98.9:11
icmp EXT_IP_1:36 10.10.10.1:1 10.10.10.2:1 10.10.10.2:36
udp EXT_IP_2:5060 192.168.2.3:5060 212.83.142.211:64724 212.83.142.211:64724
icmp EXT_IP_1:20 192.168.1.4:1076 8.8.8.8:1076 8.8.8.8:20
udp EXT_IP_2:5060 192.168.2.3:5060 37.49.231.164:5069 37.49.231.164:5069
tcp EXT_IP_1:555 192.168.1.4:40444 8.8.8.8:53 8.8.8.8:53
tcp EXT_IP_1:1047 192.168.1.4:39924 8.8.8.8:53 8.8.8.8:53
icmp EXT_IP_1:55 192.168.1.5:1 8.8.8.8:1 8.8.8.8:55
udp EXT_IP_1:1025 192.168.1.4:43111 91.189.91.157:123 91.189.91.157:123
icmp EXT_IP_1:2 10.10.10.1:12176 10.10.10.3:12176 10.10.10.3:2
icmp EXT_IP_1:13 10.10.10.2:1 8.8.8.8:1 8.8.8.8:13
tcp EXT_IP_1:603 192.168.1.4:42062 8.8.8.8:53 8.8.8.8:53
icmp EXT_IP_1:52 192.168.1.4:23884 212.77.98.9:23884 212.77.98.9:52
udp EXT_IP_2:5060 192.168.2.3:5060 74.208.47.90:5062 74.208.47.90:5062
udp EXT_IP_1:1064 10.10.10.3:35678 91.212.242.21:123 91.212.242.21:123
icmp EXT_IP_1:10 10.10.10.3:13782 8.8.8.8:13782 8.8.8.8:10
tcp EXT_IP_1:551 192.168.1.4:40428 8.8.8.8:53 8.8.8.8:53
tcp EXT_IP_1:1039 192.168.1.4:39908 8.8.8.8:53 8.8.8.8:53
tcp EXT_IP_1:1043 192.168.1.4:39916 8.8.8.8:53 8.8.8.8:53
udp EXT_IP_1:1065 10.10.10.3:47822 149.156.24.40:123 149.156.24.40:123
tcp EXT_IP_1:577 192.168.1.4:41004 8.8.8.8:53 8.8.8.8:53
icmp EXT_IP_1:32 192.168.1.4:2359 212.77.98.9:2359 212.77.98.9:32
icmp EXT_IP_1:39 10.10.10.1:105 72.163.4.185:105 72.163.4.185:39
tcp EXT_IP_1:526 192.168.1.4:39980 8.8.8.8:53 8.8.8.8:53
icmp EXT_IP_1:50 192.168.1.4:23862 8.8.8.8:23862 8.8.8.8:50
icmp EXT_IP_2:0 192.168.2.3:0 185.200.118.46:0 185.200.118.46:0
tcp EXT_IP_1:517 192.168.1.4:39946 8.8.8.8:53 8.8.8.8:53
icmp EXT_IP_1:34 192.168.1.4:2744 8.8.8.8:2744 8.8.8.8:34
udp EXT_IP_1:1078 10.10.10.3:51842 178.252.19.225:123 178.252.19.225:123
tcp EXT_IP_1:1054 192.168.1.4:39938 8.8.8.8:53 8.8.8.8:53
Total number of translations: 185
And current config:
feniks_wat#sh running-config
Building configuration...
Current configuration : 5650 bytes
!
! Last configuration change at 14:06:13 GMT Sun Nov 11 2018
! NVRAM config last updated at 19:25:57 GMT Fri Nov 9 2018 by feniks_wat
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname feniks_wat
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
no logging console
enable secret 5 $1$GyEb$bMoNkkZ6dafLhhN7wWpUB/
!
no aaa new-model
clock timezone GMT 1 0
!
!
!
!
!
!
!
!
!
!
!
ip host glados 192.168.1.4
ip name-server 8.8.8.8
ip domain lookup recursive
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-1346935792
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1346935792
revocation-check none
rsakeypair TP-self-signed-1346935792
!
!
crypto pki certificate chain TP-self-signed-1346935792
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31333436 39333537 3932301E 170D3138 31303239 31373430
35395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 33343639
33353739 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B4C8 FA47E658 6ACFE4CC 83408A15 A5D86544 F9D9AD24 E155287C DC95A902
CD2EE5E0 ADFC1213 F0A412B9 D4D32694 A02C62C6 7A43C3D1 8E0D0D10 14E5197C
952C4D79 1D259A92 FE7531C3 5AADBAFA 76490AEA 6CE1F183 6A83A47A 3EF97954
069DF534 A8731644 8CFDDA7B 803BC0CD EE1ED7A1 E531953E 7CA640AC DC2C8954
B65F0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 147B1C70 0F17842F CDD0741E C0FFFA9D DA1FFF9A A5301D06
03551D0E 04160414 7B1C700F 17842FCD D0741EC0 FFFA9DDA 1FFF9AA5 300D0609
2A864886 F70D0101 05050003 81810051 BC94809D 50104892 01B9A08D CFD59F70
9E9CC0BF 475A6F28 8946DF62 7CF17659 518F5A93 B41ADCF7 778F1605 5FF115AF
0B78460E 905460ED 4CFD27A2 1ABEB4C6 8AA18142 06DB8619 B783C307 70E99053
9F852D0D 5AD1ABF5 1FAA27CC 14ED5841 618BE954 C603C133 0948F18E E23A2096
89E84D39 63A1F69A A46DC2B7 E11C89
quit
license udi pid ISR4431/K9 sn FOC21513FSH
!
spanning-tree extend system-id
!
!
redundancy
mode none
!
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
crypto isakmp policy 1
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0/0
ip address 10.10.10.1 255.255.255.0
ip nat outside
ip tcp adjust-mss 1412
negotiation auto
no mop enabled
!
interface GigabitEthernet0/0/1
no ip address
ip tcp adjust-mss 1412
media-type rj45
negotiation auto
!
interface GigabitEthernet0/0/1.2
description VLAN 806
encapsulation dot1Q 806
ip address EXT_IP_2 255.255.255.248 secondary
ip address EXT_IP_1 255.255.255.248
ip nat outside
ip virtual-reassembly
!
interface GigabitEthernet0/0/2
no ip address
ip tcp adjust-mss 1412
negotiation auto
!
interface GigabitEthernet0/0/2.1
description VLAN 10
encapsulation dot1Q 10
ip address 192.168.1.1 255.255.255.0
ip helper-address 8.8.8.8
ip mask-reply
ip information-reply
ip directed-broadcast 20
ip nat inside
ip dns view-group internet2
logging event subif-link-status
ip virtual-reassembly
ip virtual-reassembly-out
!
interface GigabitEthernet0/0/2.2
description VLAN 20
encapsulation dot1Q 20
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface GigabitEthernet0/0/3
ip address 172.16.1.1 255.255.255.0
ip tcp adjust-mss 1412
shutdown
negotiation auto
vlan-id dot1q 110
description VLAN 110
!
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
ip tcp adjust-mss 1412
shutdown
negotiation auto
!
interface Vlan1
no ip address
shutdown
!
ip nat translation udp-timeout never
ip nat translation icmp-timeout never
ip nat service fullrange udp port 53
no ip nat service all-algs
ip nat pool dmz EXT_IP_1 EXT_IP_1 netmask 255.255.255.248
ip nat pool wat1 EXT_IP_2 EXT_IP_2 netmask 255.255.255.248
ip nat pool internet EXT_IP_1 EXT_IP_1 netmask 255.255.255.248
ip nat pool no-overload EXT_IP_1 EXT_IP_2 prefix-length 29
ip nat inside source static udp 192.168.1.0 53 EXT_IP_1 53 extendable
ip nat inside source static udp 192.168.1.0 80 EXT_IP_1 80 extendable
ip nat inside source static 192.168.2.3 EXT_IP_2
ip nat inside source static udp 10.10.10.1 53 interface GigabitEthernet0/0/0 53
ip nat inside source list 7 pool no-overload
ip nat inside source list 10 pool dmz overload
ip nat inside source list 20 pool wat1 overload
ip nat inside source list 30 pool internet overload
ip forward-protocol nd
ip forward-protocol spanning-tree any-local-broadcast
ip http server
ip http authentication local
ip http secure-server
ip tftp source-interface GigabitEthernet0
ip dns view default
no dns forwarding
ip route 0.0.0.0 0.0.0.0 212.91.11.105
ip route 192.168.1.0 255.255.255.0 GigabitEthernet0/0/2.1
!
!
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 20 permit 192.168.2.0 0.0.0.255
access-list 20 deny any
!
!
!
control-plane
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login local
transport input ssh
!
ntp server europe.pool.ntp.org source GigabitEthernet0/0/1.2
!
end
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-11-2018 05:19 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-11-2018 03:09 PM
Hi
You have different internal networks. Which one works and which one not.
Some remarks:
- Based on previous outputs, 10.10.10.0/24 seems to be an internal network but you configured as ip nat outside instead of ip nat inside. Is it normal or an issue?
- on your interface g0/0/2.1, you setup 8.8.8.8 as ip helper-address which is wrong. correct it by putting your internal dhcp server IP
- always on g0/0/2.1, why you configured ip dns view-group ?
You have a lot of nat configured. In order to help you out and clean it up if needed, can you detail what you want to be natted (PAT, static...) because there're some weird configs right now. Afterwards, I can give you all the right commands and clean the actual ones if not necessary.
Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-29-2023 07:07 AM
I'd like to revive this topic...I'm having the same issue. I can ping and trace route via IP to external public IPs with no issues, but cannot use DNS. It flaps on and off every 30 seconds. I have a DHCP pool setup for my data vlan sub int and it appears to work fine, PC can pull DHCP IP just fine and pull DNS address fine. DNS address is currently setup as google DNS (8.8.8.8) on the DHCP pool (dns-server command). I'm also using NAT overload which appears to be function properly. I can run "sh ip nat translations" and see calls to google's DNS from inside int to outside int.
The 4431 is behind a firewalla purple and I've tried completely turning off monitoring for the 4431 and still can't get a stable DNS connection. I've tried deleting the host file on the test pc and flushing the DNS settings, no luck. I've tried doing a ping using domain name, no luck and I've tried using NSLOOKUP with no success, fails to resolve.
Any help would be greatly appreciated. My current last resort is to connect the 4431 directly to my ISP connection and redo nat with public IP address using PAT to see if I can get a stable DNS connection.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide
