EXTREMELY annoying DNS problem with Cisco 1004

Post by buz » Sat, 17 Oct 1998 04:00:00



I have a Cisco 1004. Recently loaded it up with IOS 11.3 in order to
use NAT. Connects fine to ISP, NAT works. But, DNS requests from
clients inside the NAT layer fail. Here's the details:

CONFIGURATION:

-----

Current configuration:
!
version 11.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname BuzzRouter
!
enable password xxxx
!
ip subnet-zero
ip nat inside source list 100 interface BRI0 overload
no ip domain-lookup
isdn switch-type basic-ni1
!
!
interface Ethernet0
 ip address 172.1.1.103 255.255.255.0
 ip nat inside
!
interface BRI0
 description 84778112340101-56780101 dial 9951234 username myusername password mypassword ip unnumbered
 ip address negotiated
 ip access-group 100 in
 ip nat outside
 encapsulation ppp
 bandwidth 128
 dialer idle-timeout 120000
 dialer string 9951234 class ip
 dialer hold-queue 20
 dialer load-threshold 64 either
 dialer-group 1
 isdn spid1 84778112340101 8477811234
 isdn spid2 84778156780101 8477815678
 no peer default ip address
 no fair-queue
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username myusername password 0 mypassword
 ppp multilink
!
ip classless
ip route 0.0.0.0 0.0.0.0 BRI0 permanent            
!
access-list 100 permit ip 0.0.0.0 255.255.255.0 any
access-list 100 permit ip any any
dialer-list 1 protocol ip list 100
!
line con 0
line vty 0 4
 session-timeout 60
 exec-timeout 60 0
 password xxxx
 login
 length 25
!
end              

----

ERROR MESSAGE (when NAT and packet debug are enabled):

10:40:31: NAT: s=172.1.1.102->32.224.65.54, d=9.14.1.30 [59747]
10:40:31: IP: s=32.224.65.54 (Ethernet0), d=9.14.1.30 (BRI0), g=9.14.1.30, len 68, forward
10:40:31: NAT: s=9.14.1.30, d=32.224.65.54->172.1.1.102 [31146]
10:40:31: NAT: translation failed (B), dropping packet s=9.14.1.30 d=172.1.1.102
10:40:31: IP: s=32.224.65.54 (local), d=9.14.1.30 (BRI0), len 56, sending
10:40:31: NAT: translation failed (L), dropping packet s=32.224.65.54 d=9.14.1.30

-----

Info:

9.14.1.30 is nameserver outside of NAT
172.1.1.103 is IP address of Ethernet 0 on Cisco 1004
172.1.1.102 is IP address of client accessing Cisco 1004 inside NAT

-----

Any insight into this problem would be greatly appreciated.

-Dave Simons

 
 
 

EXTREMELY annoying DNS problem with Cisco 1004

Post by buz » Sat, 17 Oct 1998 04:00:00


Hey, I figured it out. Cisco bug in 11.3(4) and higher. IOS 11.3(4)
and higher eats itself on DNS requests thru NAT when there's "any" in
the access list.

To all those using NAT on IOS, don't go past 11.3(3) if you a) have
"Any" in your access-list and don't want DNS problems and b) don't
want to config BRI0 manually to "no shut" when the power cycles on
your router.

-Buzz

-----


>I have a Cisco 1004. Recently loaded it up with IOS 11.3 in order to
>use NAT. Connects fine to ISP, NAT works. But, DNS requests from
>clients inside the NAT layer fail. Here's the details:

>CONFIGURATION:

>-----

>Current configuration:
>!
>version 11.3
>service timestamps debug uptime
>service timestamps log uptime
>no service password-encryption
>!
>hostname BuzzRouter
>!
>enable password xxxx
>!
>ip subnet-zero
>ip nat inside source list 100 interface BRI0 overload
>no ip domain-lookup
>isdn switch-type basic-ni1
>!
>!
>interface Ethernet0
> ip address 172.1.1.103 255.255.255.0
> ip nat inside
>!
>interface BRI0
> description 84778112340101-56780101 dial 9951234 username myusername password mypassword ip unnumbered
> ip address negotiated
> ip access-group 100 in
> ip nat outside
> encapsulation ppp
> bandwidth 128
> dialer idle-timeout 120000
> dialer string 9951234 class ip
> dialer hold-queue 20
> dialer load-threshold 64 either
> dialer-group 1
> isdn spid1 84778112340101 8477811234
> isdn spid2 84778156780101 8477815678
> no peer default ip address
> no fair-queue
> no cdp enable
> ppp authentication pap callin
> ppp pap sent-username myusername password 0 mypassword
> ppp multilink
>!
>ip classless
>ip route 0.0.0.0 0.0.0.0 BRI0 permanent            
>!
>access-list 100 permit ip 0.0.0.0 255.255.255.0 any
>access-list 100 permit ip any any
>dialer-list 1 protocol ip list 100
>!
>line con 0
>line vty 0 4
> session-timeout 60
> exec-timeout 60 0
> password xxxx
> login
> length 25
>!
>end              

>----

>ERROR MESSAGE (when NAT and packet debug are enabled):

>10:40:31: NAT: s=172.1.1.102->32.224.65.54, d=9.14.1.30 [59747]
>10:40:31: IP: s=32.224.65.54 (Ethernet0), d=9.14.1.30 (BRI0), g=9.14.1.30, len 68, forward
>10:40:31: NAT: s=9.14.1.30, d=32.224.65.54->172.1.1.102 [31146]
>10:40:31: NAT: translation failed (B), dropping packet s=9.14.1.30 d=172.1.1.102
>10:40:31: IP: s=32.224.65.54 (local), d=9.14.1.30 (BRI0), len 56, sending
>10:40:31: NAT: translation failed (L), dropping packet s=32.224.65.54 d=9.14.1.30

>-----

>Info:

>9.14.1.30 is nameserver outside of NAT
>172.1.1.103 is IP address of Ethernet 0 on Cisco 1004
>172.1.1.102 is IP address of client accessing Cisco 1004 inside NAT

>-----

>Any insight into this problem would be greatly appreciated.

>-Dave Simons
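
Added example, not part of the original posts: a Python check for the condition the follow-up names, an "any" source in the access list that feeds `ip nat inside source list`. It also reports where the same list is reused as an interface filter or dialer list, as it is in the posted configuration. The function names are hypothetical, only extended numbered ACLs are parsed, and the sample is constructed from the NAT-relevant lines of the configuration above.

```python
import re

# Constructed sample: the NAT-relevant lines from the configuration posted above.
SAMPLE_CONFIG = """\
ip nat inside source list 100 interface BRI0 overload
interface BRI0
 ip access-group 100 in
 ip nat outside
access-list 100 permit ip 0.0.0.0 255.255.255.0 any
access-list 100 permit ip any any
dialer-list 1 protocol ip list 100
"""

NAT_RE = re.compile(r"^\s*ip nat inside source list (\d+)\b")
# Extended numbered ACE: access-list <n> <action> <protocol> <source ...>
ACL_RE = re.compile(r"^\s*access-list (\d+) (permit|deny) (\S+) (.*)$")
REUSE_RE = re.compile(
    r"^\s*(ip access-group (\d+) (?:in|out)|dialer-list \d+ protocol ip list (\d+))")


def source_is_any(tokens):
    """True when the source part of an extended ACE matches every address."""
    if tokens[0] == "any":
        return True
    if tokens[0] == "host":
        return False
    # <address> <wildcard>: wildcard 255.255.255.255 ignores every bit.
    return tokens[1] == "255.255.255.255"


def audit_nat_acls(config):
    """Return (permit-any entries in NAT source lists, other uses of those lists)."""
    lines = config.splitlines()
    nat_lists = {m.group(1) for l in lines if (m := NAT_RE.match(l))}
    findings = []
    for l in lines:
        m = ACL_RE.match(l)
        if m and m.group(1) in nat_lists and m.group(2) == "permit":
            if source_is_any(m.group(4).split()):
                findings.append((m.group(1), l.strip()))
    reused = sorted({m.group(1) for l in lines if (m := REUSE_RE.match(l))
                     and (m.group(2) or m.group(3)) in nat_lists})
    return findings, reused


if __name__ == "__main__":
    findings, reused = audit_nat_acls(SAMPLE_CONFIG)
    for acl, entry in findings:
        print(f"ACL {acl}: 'any' source in NAT list: {entry}")
    for line in reused:
        print(f"NAT ACL also referenced by: {line}")
```

On the posted configuration this flags `access-list 100 permit ip any any`; the first entry's wildcard of 255.255.255.0 is not a match-all source, so it is not reported.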



 
 
 
