cisco 1841 DNS Resolve problem
18 years 11 months ago #11933
by pp1dt
Replied by pp1dt on topic Re: cisco 1841 DNS Resolve problem
Hi all,
My access-list has no problem. My router was connected to another VPN server, so this ACL will send all encrypted traffic to the VPN server and the rest of the traffic to the Internet.
The above config works fine with the Linux box in front; all Internet access and VPN traffic to network 10.0.1.0/24 are working fine. But I want to remove the Linux box and leave only the Cisco 1841. I will try to find out what the problem is...
18 years 7 months ago #13786
by meisiew
Replied by meisiew on topic Re: cisco 1841 DNS Resolve problem
I just scrolled through some old questions in the forum and yours is quite interesting.
I think you might have solved it. Perhaps from the WinXP (end system), try to ping an IP address, i.e. 216.239.51.104, or by hostname, www.google.com. If you receive timed-out, it could be that it is blocked by the access list settings.
From the Cisco, you could enter "sh ip route" to check the routing connection and also confirm that IP routing is running.
If you have solved it, kindly share with us. Thanks.
18 years 7 months ago #13821
by havohej
Replied by havohej on topic Re: cisco 1841 DNS Resolve problem
> I noticed the 1841 router is configured for Easy VPN. Have you verified the peer IP address as well as the group and key are correct? Also, is it your intent to have all traffic go over the VPN tunnel, or just certain types? You can do what is called a split tunnel (in .pdf format) that sends certain traffic always over the tunnel, and the rest directly to the internet.
> The access list is having no effect on the configuration; it's applied to a route map that's not applied to any interface, at least not from what is given in pp1dt's post. Anyways, the configuration looks OK from what I see. My suggestion is to check the VPN portion.
JWJ, indeed pp1dt is already doing a split tunnel.
If you look carefully at the statements:
ip nat inside source route-map nonat interface FastEthernet0/1 overload
!
access-list 101 deny ip 10.0.9.0 0.0.0.255 10.0.1.0 0.0.0.255
access-list 101 permit ip 10.0.9.0 0.0.0.255 any
route-map nonat permit 10
 match ip address 101
He is denying traffic from 10.0.9.0 to 10.0.1.0 from being translated by NAT, so perhaps he is doing it because it won't be encrypted or translated, and is sent on the same interface with its own IP address (not translated).
18 years 7 months ago #13825
by jwj
Replied by jwj on topic Re: cisco 1841 DNS Resolve problem
Hey, I did miss that, thanks havohej.
-Jeremy-
18 years 6 months ago #14790
by pp1dt
Replied by pp1dt on topic Re: cisco 1841 DNS Resolve problem
Hi all,
The problem is still not solved. It is the DNS resolve issue; the configuration works fine with the Linux box in front because the Linux box does the DNS part.
I'm seeking help from Cisco now; hopefully they can look into it and help me solve the problem before I can remove the Linux box.
Thanks everyone out there :lol: