from "Natting problem" thread... http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080093f30.shtml
"...The inside device cannot use the IP address of the outside device because it is the same as the address assigned to itself (the inside device). Therefore, the inside device will send a DNS query for the outside device's domain name. The inside device's IP address will be the source of this query, and that address will be translated to an address from the "test-loop" pool because the ip nat inside source list command is configured. The DNS server replies to the address which came from the pool "test-loop" with the IP address associated with the outside device's domain name in the payload of the packet. The destination address of the reply packet is translated back to the inside device's address, and the address in the payload of the reply packet is then translated to an address from the pool "test-dns" because of the ip nat outside source list command. Therefore the inside device learns that the IP address for the outside device is one of the addresses from the "test-dns" pool, and it will use this address when communicating with the outside device. The router running NAT takes care of the translations at this point..."

Is that accurate??? The "ip nat outside source" command will translate the IP in the PAYLOAD of the DNS reply packet even though it is not the source??? Doesn't sound right and I am unable to test it right now...

Charles

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66224&t=66224
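
The payload rewrite that the quoted Cisco text describes, modelled on a raw DNS message (an added example, not part of the original post or of Cisco's document, and not IOS code). The overlapping range, the pool addresses, and all function names are constructed assumptions.

```python
import ipaddress
import struct

# Constructed values (assumptions): the overlapping range and a stand-in
# for the "test-dns" pool; neither is taken from the quoted document.
OVERLAP_NET = ipaddress.ip_network("10.1.1.0/24")
TEST_DNS_POOL = ["192.0.2.177", "192.0.2.178"]

def build_reply(name, addr):
    """Build a minimal DNS reply: one question, one A record (constructed sample)."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    question = qname + struct.pack("!HH", 1, 1)
    # The answer's owner name is a compression pointer to offset 12.
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4)
    return header + question + answer + ipaddress.ip_address(addr).packed

def skip_name(msg, off):
    """Return the offset just past a DNS name, compressed or not."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # pointer: two bytes, and the name ends here
            return off + 2
        if length == 0:             # root label terminates the name
            return off + 1
        off += 1 + length

def rewrite_a_records(msg, table, pool):
    """Replace A-record addresses inside OVERLAP_NET with pool addresses."""
    out = bytearray(msg)
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4            # skip QTYPE and QCLASS
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if (rtype, rclass, rdlen) == (1, 1, 4):
            real = ipaddress.ip_address(msg[off:off + 4])
            if real in OVERLAP_NET:
                if str(real) not in table:       # allocate once, then reuse
                    if len(table) >= len(pool):
                        raise RuntimeError("test-dns pool exhausted")
                    table[str(real)] = pool[len(table)]
                out[off:off + 4] = ipaddress.ip_address(table[str(real)]).packed
        off += rdlen
    return bytes(out)
```

The model works on the DNS message only; a real translator also has to recompute the UDP checksum after changing the payload.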