
EzVPN with DNS forwarding

hadbihas
Level 1

I use my router itself as a DNS forwarder. Unfortunately, when a domain query is requested on the LAN side, the packet is sourced with the outside interface IP address, which is outside the EzVPN tunnel, and thus the reply does not find its way back. Can anybody suggest a way to solve this issue please? Maybe NATing the source packet for UDP and TCP 53 somehow to traverse the EzVPN tunnel? PS. "ip domain lookup source-interface..." is not taking effect in this EzVPN case. Please see my attached router config.

EzVPN Client - Network Extension (this router 871.. IOS 12.4.9)

EzVPN Server - VPN3030

2 Replies

pradeepde
Level 5

Maybe you can create an extended access list that doesn't allow NATing for DNS queries, which are TCP/UDP 53, while allowing NATing for the services needed. For more information, refer to the following URL for creating access lists.

http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_command_reference_chapter09186a008017d1d4.html.

Sorry, I don't understand what you mean. The issue here is that the domain packet is sourced with the outside address (no NATing happens anyway!). I had actually tried NATing the source address for a UDP/TCP 53 packet to the inside 10.xxx.. address, which is supposed to solve the issue for the return packet, but I still can't make it traverse the EzVPN tunnel!!
