
Cisco Compatible Micro Router Series

Compatible Systems Tech Notes: NAT Mapping and DNS Resolution

Document ID: 17676



Contents

Introduction
Prerequisites
      Requirements
Affected Products
Affected Versions
More Information
Related Information

Introduction

Compatible's NAT implementation does not allow NAT Mapping out the same interface. This means that if a workstation on an internal range wants to reach another device on the same internal range, it MUST use the other device's internal address. It cannot use the other device's NAT Mapped external address.

Prerequisites

Requirements

There are no specific requirements for this document.

Affected Products

1200i, 1220i, 1250i, 1270i, 2600i, 2200R, 2220R, 2250R, 2270R, 3500R, 4000S, VSR-2, VSR-8, IntraPort 1, IntraPort 2, IntraPort 2+, IntraPort Enterprise-2, IntraPort Enterprise-8, IntraPort Carrier-2, and IntraPort Carrier-8

Affected Versions

All versions

More Information

For instance, workstation 1 (10.10.10.10) and workstation 2 (10.10.10.20) are on the same hub. Workstation 2 also has a NAT Mapping 10.10.10.20 -> 204.144.171.20 through a Compatible device. From the Internet, everyone accesses 204.144.171.20 and gets to 10.10.10.20. Workstation 1 cannot access 204.144.171.20 at all. The reason is that Compatible's NAT implementation does the NAT Mapping, discovers that the source IP is on the same network as the destination IP, concludes that it does not need to route the packet, and drops it. Its rationale is "Why does 10.10.10.10 not ask for 10.10.10.20 directly since they are on the same network?"

So no internal device can use a NAT Mapping to reach another internal device. They have to use the internal address of the other workstation in order to reach it.

The common problem is that www.mymail.com resolves to 204.144.171.20, and all internal devices that try to use that DNS resolution in their mail setup are not able to reach it. They have to manually put in the address 10.10.10.20 as their mail server in order for it to work.

That works fine for static workstations that are always on the internal network, but what about laptops that connect both at work and through the Internet? Do they have to keep switching the setup of their mail program? This can be solved with the introduction of an internal DNS server on the internal network. All devices on the internal network range then use that new internal DNS server as their Primary DNS server. The use of DHCP to assign that primary DNS address is also helpful. When queried for www.mymail.com, the internal DNS server responds with 10.10.10.20. So on the internal network, the laptop queries the internal DNS server and gets 10.10.10.20, while on the external network (Internet) it queries the ISP's DNS server and gets 204.144.171.20, as would the rest of the world.
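The following Python sketch is an added example, not part of the original tech note or any Compatible Systems tooling. It models the drop behaviour described above and reports which DNS answers an internal DNS server must override. The /24 mask, the function names, the sample DNS data and the Internet client address 198.51.100.7 are assumptions made for illustration.

```python
import ipaddress

# Addresses from the tech note's example; the /24 mask is an assumption.
INTERNAL_NET = ipaddress.ip_network("10.10.10.0/24")
NAT_MAPPINGS = {"204.144.171.20": "10.10.10.20"}  # external -> internal

def reachable(src, dst):
    """Model the behaviour described in the note: after applying a NAT
    Mapping, the router drops the packet when the source and the
    translated destination are both on the internal network."""
    src_ip = ipaddress.ip_address(src)
    if dst in NAT_MAPPINGS:
        translated = ipaddress.ip_address(NAT_MAPPINGS[dst])
        return not (src_ip in INTERNAL_NET and translated in INTERNAL_NET)
    return True  # no mapping involved; ordinary delivery is assumed

def audit_view(records, client_ip):
    """Return {name: internal_address} for every DNS answer that a client
    at client_ip could not reach, i.e. the names that the DNS server
    serving that client has to answer with the internal address."""
    fixes = {}
    for name, answer in records.items():
        if not reachable(client_ip, answer):
            fixes[name] = NAT_MAPPINGS[answer]
    return fixes

# Constructed sample data: answers from the ISP's DNS and the internal DNS.
PUBLIC_VIEW = {"www.mymail.com": "204.144.171.20"}
INTERNAL_VIEW = {"www.mymail.com": "10.10.10.20"}

if __name__ == "__main__":
    # Laptop at work using the ISP's answer: needs an internal override.
    print(audit_view(PUBLIC_VIEW, "10.10.10.10"))
    # Laptop at work using the internal DNS server: nothing to fix.
    print(audit_view(INTERNAL_VIEW, "10.10.10.10"))
    # Same laptop on the Internet using the ISP's answer: nothing to fix.
    print(audit_view(PUBLIC_VIEW, "198.51.100.7"))
```

An empty result for a given client address means every name in that DNS view resolves to an address the client can actually reach.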


Related Information



Updated: May 03, 2004