
Static NAT mapping is not working

tkalfaoglu

Hi. I thought I had this down pat, but it turns out I didn't.

This is a CISCO 3925.. Single outbound IP, and a bunch of LAN clients using 192.168.x.x, very typical setup.
NAT is working fine, except I can't allow an incoming port to be mapped.

I have a DNS server running locally at port 5333.  LAN hosts can access it, no problems.

I would like the world to access it as port 53.

My remote IP is 193.162.105.108. The DNS server is at 192.168.1.191.

This is not working:

ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.1.191 53 193.162.105.108 5333 extendable
ip nat inside source static udp 192.168.1.191 53 193.162.105.108 5333 extendable

interface GigabitEthernet0/1
ip nat inside

interface Dialer1
ip nat outside
ip nat enable

I also have access list in, but it permits both 53 and 5333 for UDP and TCP.

I'll enclose the entire file in case it helps..

Many thanks, -t

 

 


ip nat inside source list 100 interface Dialer1 overload
ip nat inside source static tcp 192.168.1.191 53 193.162.105.108 5333 extendable
ip nat inside source static udp 192.168.1.191 53 193.162.105.108 5333 extendable
!
ip access-list extended 100
 deny tcp host 192.168.1.191 eq 53 any
 deny udp host 192.168.1.191 eq 53 any
 permit ip 192.168.1.0 0.0.0.255 any

 

You need to deny tcp/udp traffic from NATing overload.

By the way, DNS uses UDP, not TCP.

Many thanks. When I did that, the 192.168.1.191 could not reach the internet.. therefore it was useless as a DNS server ..

 

Sorry, can I see your last config?

tkalfaoglu

SOLVED.. I had to do this instead of the nat static lines above:

ip nat inside source static tcp 192.168.1.191 5333 interface Dialer1 53
ip nat inside source static udp 192.168.1.191 5333 interface Dialer1 53

This routes ALL port 53 traffic to that one server's 5333 port.. it works!
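
The two sets of static lines in this thread differ in argument order: IOS reads the inside (local) address and port first, then the outside (global) address or interface and port. As an added example (not part of the original thread), this Python sketch parses both configurations quoted in the posts and reports which outside port maps to which inside socket; the function names are hypothetical.

```python
import re

# Matches: ip nat inside source static {tcp|udp} <local-ip> <local-port>
#          {<global-ip> | interface <name>} <global-port> [extendable]
STATIC_PAT = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) "
    r"(?:interface (\S+)|(\S+)) (\d+)(?: extendable)?\s*$"
)

def parse_static_pat(config):
    """Return one dict per static port-forward line found in an IOS config."""
    rules = []
    for line in config.splitlines():
        m = STATIC_PAT.match(line.strip())
        if not m:
            continue  # dynamic/overload rules and other lines are ignored
        proto, local_ip, local_port, iface, global_ip, global_port = m.groups()
        rules.append({
            "proto": proto,
            "inside": (local_ip, int(local_port)),              # real server socket
            "outside": (iface or global_ip, int(global_port)),  # what the world sees
        })
    return rules

def check_forward(rules, proto, listen, public_port):
    """True if public_port on the outside maps to the (ip, port) in `listen`."""
    return any(r["proto"] == proto and r["inside"] == listen
               and r["outside"][1] == public_port for r in rules)

# The two configurations quoted in the thread.
BROKEN = """\
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.1.191 53 193.162.105.108 5333 extendable
ip nat inside source static udp 192.168.1.191 53 193.162.105.108 5333 extendable
"""
FIXED = """\
ip nat inside source static tcp 192.168.1.191 5333 interface Dialer1 53
ip nat inside source static udp 192.168.1.191 5333 interface Dialer1 53
"""

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        for r in parse_static_pat(cfg):
            print(name, r["proto"], "outside", r["outside"], "-> inside", r["inside"])
```

Run against a saved running-config, the same parser lists every inside service a static rule exposes on the outside interface, which is a quick way to audit inbound exposure.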

 

So the server uses 5333, not the known port 53.

Anyway, glad your issue is solved.

Have a nice summer 

MHM

tkalfaoglu

Many thanks - there are actually TWO DNS servers running on that machine, that's why one of them is at a non-standard port.. 
