
Replacing NetGear with Cisco and have big Problem. HELP!!

jcleary
Level 1

So here is the situation

I'm replacing a Netgear ProSafe or something at the head office with a Cisco 1800. I had a few VPN tunnels coming into it connected to other offices/vendors and the tunnels worked fine. In my main office I have a domain controller that is the main DNS server for our internal network. It is also our external-facing DNS server as well (I know, I know), I just inherited it. So everything works fine with the Netgear. When I configure the 1800 and get it working, the tunnels come up and everything is good, except for one thing. I have an office with an XP machine and a small Netgear router with a VPN tunnel to the main office, where the DNS points to 10.51.44.9, which is the IP of the DC. Once the Cisco was put in, it could not query that DNS server at all. I have the NAT statement

ip nat inside source static udp 10.51.44.9 53 interface FastEthernet0/0 53

in the 1800 to allow for outside access to this DNS server. When I take it out, DNS works fine again on the XP machine. The problem is I can't leave it out or everything will stop working.

Any ideas?


jcleary
Level 1

Anyone Please??

Please attach your config.

Here you go

Can the remote site access your web server @ 10.51.44.9 when using the VPN?

Not unless I take this statement out:

ip nat inside source static tcp 10.51.44.9 80 interface FastEthernet0/0 80

The easy way out is to use the "outside" IP address to reach the DNS and other servers from your remote site.

If all your routers were Cisco, you could do a GRE IPsec tunnel and avoid this NAT issue...

Or... to make this work, you would need a static outside address (not the interface).

I tried that, but DNS still doesn't work right, i.e. can't join the domain, etc.

I have a similar config where we have replaced a SonicWall with a Cisco 877 (just temp, eventually to be upgraded to a 1841). Our VPNs do the same thing. Anything which is port forwarded gets lost in translation (literally). I have attempted: http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094634.shtml However, this did not work for me... Is the only option to get a second public IP to terminate the VPN on?
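
Why the two port-forward statements break DNS and HTTP over the tunnel, as an added example that is not part of the thread or any poster's config: a simplified Python model of the IOS inside-to-outside order of operations, where NAT is applied before the crypto map check. The public address 203.0.113.1, the remote subnet 192.168.50.0/24, the /24 around the DC and the sample packets are constructed, and the `exempt_vpn` switch is a hypothetical stand-in for excluding tunnel-bound traffic from the static translation.

```python
import ipaddress
from dataclasses import dataclass, replace

PUBLIC_IP = "203.0.113.1"  # constructed placeholder for the FastEthernet0/0 address
LOCAL_NET = ipaddress.ip_network("10.51.44.0/24")     # assumed LAN around the DC
REMOTE_NET = ipaddress.ip_network("192.168.50.0/24")  # constructed remote-office LAN

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

# The two static port translations quoted in the thread.
STATIC_NAT = {("udp", "10.51.44.9", 53): 53, ("tcp", "10.51.44.9", 80): 80}

def nat_inside_to_outside(pkt, exempt_vpn):
    """Rewrite the source if a static entry matches (hypothetical VPN exemption)."""
    if exempt_vpn and ipaddress.ip_address(pkt.dst) in REMOTE_NET:
        return pkt
    port = STATIC_NAT.get((pkt.proto, pkt.src, pkt.sport))
    return pkt if port is None else replace(pkt, src=PUBLIC_IP, sport=port)

def matches_crypto_acl(pkt):
    """Crypto ACL modelled as: permit ip LOCAL_NET -> REMOTE_NET."""
    return (ipaddress.ip_address(pkt.src) in LOCAL_NET
            and ipaddress.ip_address(pkt.dst) in REMOTE_NET)

def forward(pkt, exempt_vpn=False):
    """NAT runs first, then the crypto check sees the translated packet."""
    translated = nat_inside_to_outside(pkt, exempt_vpn)
    return "tunnel" if matches_crypto_acl(translated) else "clear"

# Constructed sample packets leaving the DC.
DNS_REPLY_TO_VPN = Packet("udp", "10.51.44.9", 53, "192.168.50.20", 40000)
SMB_TO_VPN = Packet("tcp", "10.51.44.9", 445, "192.168.50.20", 40001)
DNS_REPLY_TO_INTERNET = Packet("udp", "10.51.44.9", 53, "198.51.100.7", 40002)

if __name__ == "__main__":
    for name in ("DNS_REPLY_TO_VPN", "SMB_TO_VPN", "DNS_REPLY_TO_INTERNET"):
        pkt = globals()[name]
        print(name, forward(pkt), forward(pkt, exempt_vpn=True))
```

In the model, the DNS reply to the remote office is translated to the public source and misses the crypto ACL unless it is exempted, while untranslated traffic such as SMB stays in the tunnel, which matches the symptoms described in the thread.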
