Re: Destination NAT

Ali Hazim · ‎02-18-2024

Hello Everyone,

I have an ASR1006 on which I've configured a virtual template for PPPoE connection and applied NAT config for the PPPoE clients to access the internet.

Is there a way to create a destination NAT for all DNS traffic to be redirected toward 8.8.8.8, so that if a PPPoE client sets the DNS on their device to any value other than (8.8.8.8), the ASR will force the traffic to go to 8.8.8.8.

So assume the PPPoE Clients range is 100.64.0.0/10, I want all the traffic that has:
Source IP (100.64.0.0/10) and destination IP (0.0.0.0/0) on UDP port 53
To be redirected to be:
Source IP (100.64.0.0/10) and destination IP (8.8.8.8) on UDP port 53

MHM Cisco World · ‎02-18-2024

Will this idea I think will work

But the best is apply acl to drop any packet use l4 udp port 53 to any destiantion other than 8.8.8.8

This make user pc try any dnc failed and then use in end 8.8.8.8 this fallback is automatic.

MHM

paul driver · ‎02-18-2024

Hello

@Ali Hazim wrote:
So assume the PPPoE Clients range is 100.64.0.0/10, I want all the traffic that has:
Source IP (100.64.0.0/10) and destination IP (0.0.0.0/0) on UDP port 53
To be redirected to be:
Source IP (100.64.0.0/10) and destination IP (8.8.8.8) on UDP port 53

You could try policy based routing so traffic is forwarded to the correct dns.

Example:
Ip access-list extended DNS
permit tcp 100.64.0.0 0.3.255.255 eq domain any
permit udp a100.64.0.0 0.3.255.255 eq domain any

route-map DNS_rm
match ip address DNS
set ip next-hop 8.8.8.8

interface x/x
description LAN interface
ip policy-route DNS_rm

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul