Replacing NetGear with Cisco and have big Problem. HELP!!
11-27-2007 07:15 AM - edited 03-09-2019 07:29 PM
So here is the situation.
I'm replacing a Netgear ProSafe or something at the head office with a Cisco 1800. I had a few VPN tunnels coming into it connected to other offices/vendors and the tunnels worked fine. In my main office I have a domain controller that is the main DNS server for our internal network. It is also our external-facing DNS server as well (I know, I know), I just inherited it. So everything works fine with the Netgear. When I configure the 1800 and get it working, the tunnels come up and everything is good, except for one thing. I have an office with an XP machine and a small Netgear router with a VPN tunnel to the main office, where the DNS points to 10.51.44.9, which is the IP of the DC. Once the Cisco was put in, it could not query that DNS server at all. I have the NAT statement
ip nat inside source static udp 10.51.44.9 53 interface FastEthernet0/0 53
in the 1800 to allow for outside access to this DNS server. When I take it out, DNS works fine again on the XP machine. The problem is I can't leave it out or everything will stop working.
Any ideas?
11-28-2007 07:15 AM
Anyone Please??

11-28-2007 07:30 AM
Please attach your config.
11-28-2007 07:42 AM
Here you go

11-28-2007 07:49 AM
Can the remote site access your web server @ 10.51.44.9 when using the VPN?
11-28-2007 08:02 AM
Not unless I take this statement out:
ip nat inside source static tcp 10.51.44.9 80 interface FastEthernet0/0 80

11-28-2007 08:55 AM
The easy way out is to use the "outside" IP address to reach the DNS and other servers from your remote site.
If all your routers were Cisco, you could do a GRE IPsec tunnel and avoid this NAT issue...
Or... to make this work, you would need a static outside address (not the interface).
11-28-2007 08:57 AM
I tried that but DNS still doesn't work right, i.e. can't join the domain etc.
12-11-2007 10:06 PM
I have a similar config where we have replaced a SonicWall with a Cisco 877 (just temp, eventually to be upgraded to a 1841). Our VPNs do the same thing. Anything which is port forwarded gets lost in translation (literally). I have attempted: http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094634.shtml However, this did not work for me... Is the only option to get a second public IP to terminate the VPN on?
