ISR4321/K9 DNS Configuration

callen15
Level 1

Hello, after successfully getting our 161 VLAN (192.168.10.1/24) to NAT to VLAN 20 (10.4.20.253), I'm having issues with DNS resolution. I've been able to ping external IP addresses, such as those in our production network and externally (e.g. 8.8.8.8).

I performed a packet capture on the switch that's connecting the 10.4.20.253 interface and was able to determine that DNS queries are being sent out and returned to the 10.4.20.253 interface, but for whatever reason, the 192 hosts aren't getting the reply.

Attached below is my ISR4321/K9 startup-config. Any help is greatly appreciated.


Building configuration...


Current configuration : 2987 bytes
!
! Last configuration change at 
!
version 16.6
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
enable secret 
enable password
!
no aaa new-model
!
ip name-server 10.4.100.25 10.7.100.24
no ip domain lookup
ip domain name organization.local
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
license udi pid ISR4321/K9 
diagnostic bootup level minimal
spanning-tree extend system-id
archive
 log config
  hidekeys
!
!
!
username admin privilege 15 secret 5 
!
redundancy
 mode none
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface Null0
 no ip unreachables
!
interface GigabitEthernet0/0/0
 description WAN to organization
 no ip address
 negotiation auto
!
interface GigabitEthernet0/0/0.2
 encapsulation dot1Q 2 native
 ip address 10.4.1.49 255.255.255.0
!
interface GigabitEthernet0/0/0.20
 encapsulation dot1Q 20
 ip address 10.4.20.253 255.255.255.0
 ip nat outside
 ip virtual-reassembly
!
interface GigabitEthernet0/0/0.100
 encapsulation dot1Q 100
 ip address 10.4.100.5 255.255.255.0
!
interface GigabitEthernet0/0/1
 description LAN to INF
 no ip address
 negotiation auto
!
interface GigabitEthernet0/0/1.2
 encapsulation dot1Q 2 native
!
interface GigabitEthernet0/0/1.161
 encapsulation dot1Q 161
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface GigabitEthernet0/1/0
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 no ip address
 shutdown
 negotiation auto
!
interface Vlan1
 no ip address
 shutdown
!
ip nat pool NAT_POOL 10.4.20.253 10.4.20.253 netmask 255.255.255.0
ip nat inside source list 1 pool NAT_POOL overload
ip forward-protocol nd
ip ftp username admin
ip ftp password 7 
no ip http server
ip http authentication local
ip http secure-server
ip route 0.0.0.0 0.0.0.0 10.4.20.1
!
ip ssh version 2
!
!
ip access-list extended ALLOW_DNS
 permit tcp any any
 permit udp any any
ip access-list extended CAP-FILTER
 permit ip any any
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 permit 10.4.1.0 0.0.0.255
access-list 1 permit 10.4.20.0 0.0.0.255
!
!
!
!
control-plane
!
!
line con 0
 logging synchronous
 login local
 transport input none
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 password 7 
 login local
 transport input ssh
line vty 5 97
 login local
 transport input ssh
!
wsma agent exec
!
wsma agent config
!
wsma agent filesys
!
wsma agent notify
!
!
end
