Unfortunately that doesn't work.
I was hoping that, like IAP, the translated packets would leave to the client VLAN and not the management VLAN. Or, if still leaving the management VLAN, use the management VLAN address (I do have outside NAT enabled in the management VLAN).
Also, if I disable "inter vlan routing" all "dst-nat" traffic stops being forwarded.
Original Message:
Sent: Jan 19, 2025 06:17 PM
From: ariyap
Subject: Role to redirect DNS to a different server?
I used AOS10 for the gateways and my DNS redirection worked fine with this rule. The device (10.10.31.31) is put into this IoT-Lab user-role.
Note that I am using "svc-dns".
=============================
ip access-list session dns-redirect
user host 192.168.1.131 svc-dns dst-nat ip 1.1.1.1
!
user-role IoT-Lab
vlan 31
access-list session global-sacl
access-list session apprf-iot-lab-sacl
access-list session dns-redirect
access-list session allowall
============================
Note: flag "N" is for dest NAT
============================
(AOS10_gwy1) #show datapath session table | include 10.10.31.31
10.10.31.31 192.168.1.131 17 53852 53 0/0 6 48 1 tunnel 9 e 2 112 FNCI 6 673 /0 /0 80001
1.1.1.1 10.10.31.31 17 53 52137 0/0 0 0 2 tunnel 9 14 2 318 FSI 6 0 /0 /0 0
------------------------------
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
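As an added example (not part of either poster's message, and not Aruba tooling), here is a small Python parser for the two "show datapath session table" rows quoted in the reply above. It pulls the five leading columns (source IP, destination IP, protocol, source port, destination port) and the flags column, marks a session as destination-NATed when the flags contain "N" (as the reply states), and then performs the check the original question is about: does a dst-nat'd DNS session from the client exist, and is there a matching return session from the real resolver back to the client? The column layout and the assumption that the flags field is the first all-uppercase token in a row are my own reading of the quoted output; the sample rows are copied from the thread.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: the CLI prompt and the two session rows quoted in the thread.
SAMPLE_TABLE = """\
(AOS10_gwy1) #show datapath session table | include 10.10.31.31
10.10.31.31 192.168.1.131 17 53852 53 0/0 6 48 1 tunnel 9 e 2 112 FNCI 6 673 /0 /0 80001
1.1.1.1 10.10.31.31 17 53 52137 0/0 0 0 2 tunnel 9 14 2 318 FSI 6 0 /0 /0 0
"""

IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
FLAGS = re.compile(r"^[A-Z]+$")   # assumption: flags column is the first all-uppercase token


@dataclass
class Session:
    src: str
    dst: str
    proto: int
    sport: int
    dport: int
    flags: str

    @property
    def dst_nat(self) -> bool:
        # The thread notes that flag "N" marks a destination-NATed session.
        return "N" in self.flags


def parse_sessions(text: str) -> List[Session]:
    """Parse session rows; prompt lines and anything that is not a row are skipped."""
    sessions: List[Session] = []
    for line in text.splitlines():
        t = line.split()
        if len(t) < 6 or not (IPV4.match(t[0]) and IPV4.match(t[1]) and t[2].isdigit()):
            continue
        flag_tokens = [x for x in t[5:] if FLAGS.match(x)]
        if not flag_tokens:
            continue
        sessions.append(Session(t[0], t[1], int(t[2]), int(t[3]), int(t[4]), flag_tokens[0]))
    return sessions


def redirected_dns_flows(sessions: List[Session], client_ip: str, dns_port: int = 53) -> List[Session]:
    """Sessions from the client to port 53 that the gateway has destination-NATed."""
    return [s for s in sessions if s.src == client_ip and s.dport == dns_port and s.dst_nat]


def has_return_flow(sessions: List[Session], client_ip: str, real_server_ip: str, proto: int = 17) -> bool:
    """True if a session from the real resolver back to the client exists.
    Ports are deliberately not compared: the two rows quoted in the thread were
    captured from different queries, so only the IP pair and protocol are matched."""
    return any(s.src == real_server_ip and s.dst == client_ip and s.proto == proto for s in sessions)


def check_redirect(text: str, client_ip: str, real_server_ip: str) -> Dict[str, object]:
    """Summarise whether the redirect is in place and whether replies are coming back."""
    sessions = parse_sessions(text)
    return {
        "dst_nat_sessions": len(redirected_dns_flows(sessions, client_ip)),
        "return_flow_present": has_return_flow(sessions, client_ip, real_server_ip),
    }


if __name__ == "__main__":
    print(check_redirect(SAMPLE_TABLE, "10.10.31.31", "1.1.1.1"))
```

Run against the quoted rows, the outbound query is flagged as dst-nat'd and a return session from 1.1.1.1 to the client is present, which is the working case. When the reply from the real resolver is not reaching the client (the situation in the original question), the second field stays False, so this is the first thing to compare between a working and a failing gateway.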
Original Message:
Sent: Jan 18, 2025 05:27 AM
From: ricardoduarte
Subject: Role to redirect DNS to a different server?
Hi there,
I'm trying to get a role to redirect all queries to 10.0.0.1 port 53 to 1.1.1.1 port 53.
I was able to get the traffic to go to the 1.1.1.1 server by using dst-nat, and can see at the edge firewall the responses going back to the client.
But then the answers are not being received by the client and DNS queries are failing.
The config I used:
ip access-list session redirect-dns
user host 10.0.0.1 udp 53 53 dst-nat ip 1.1.1.1 53
!
Any idea why it does not work, and how to make it work?
Thanks