Avaya 1000 Series Configuration Manual page 129


Changes to the DNS ALG
The Secure Router 1000 Series and 3120 provide support for DNS ALG. The DNS ALG is
used when a DNS client on the untrusted side needs to reach a DNS server that sits
behind NAT on the trusted side.

A DNS client on the untrusted side sends a DNS Standard Query to the Secure Router. The
Secure Router receives the DNS query with destination port 53 and translates the IP
header based on the reverse NAT policy. When the response comes from the DNS server
(which is on the trusted side), the Secure Router translates the header based on the
reverse NAT policy and translates the DNS payload from the private IP record to the
global IP record, which is taken from the DNS pool database.

A DNS client on the untrusted side sends a DNS Reverse Query to the Secure Router. The
Secure Router translates the IP header based on the reverse NAT policy and translates
the DNS payload from the global IP record to the private IP record, using the records
that were added through the CLI. When the response comes from the DNS server (which is
on the trusted side), the Secure Router translates the header based on the reverse NAT
policy and translates the DNS payload from the private IP record to the global IP
record, which is taken from the DNS pool database.
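
The payload translation described above, modeled in Python as an added example (not Avaya's implementation and not part of the original manual). The pool addresses, the sample message and all function names are constructed for illustration; only A records in the answer section and reverse-query names in text form are handled.

```python
import ipaddress, struct

# Constructed pool entry: private-ip -> global-ip, as paired by the pool command.
POOL = {"10.1.1.20": "203.0.113.20"}
REVERSE = {g: p for p, g in POOL.items()}

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:          # a compression pointer ends the name
            return off + 2
        off += 1 + n

def translate_response(msg):
    """Reply path: rewrite A-record RDATA from private to global address."""
    out = bytearray(msg)
    qd, an = struct.unpack_from("!HH", msg, 4)   # QDCOUNT, ANCOUNT
    off = 12                                     # fixed DNS header length
    for _ in range(qd):
        off = skip_name(msg, off) + 4            # QTYPE + QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == 1 and rdlen == 4:            # A record
            ip = str(ipaddress.IPv4Address(bytes(msg[off:off + 4])))
            if ip in POOL:
                out[off:off + 4] = ipaddress.IPv4Address(POOL[ip]).packed
        off += rdlen
    return bytes(out)

def translate_ptr_name(qname):
    """Inbound path: rewrite a reverse-query name from global to private."""
    labels = qname.rstrip(".").split(".")
    ip = ".".join(reversed(labels[:4]))
    priv = REVERSE.get(ip)
    if priv is None or [x.lower() for x in labels[4:]] != ["in-addr", "arpa"]:
        return qname                             # not in the pool: untouched
    return ".".join(reversed(priv.split("."))) + ".in-addr.arpa."

def sample_response():
    """Constructed reply: www.example.com A 10.1.1.20 (owner name compressed)."""
    hdr = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    q = b"\x03www\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([10, 1, 1, 20])
    return hdr + q + rr
```

The A-record rewrite leaves the message length unchanged, while a rewritten reverse-query name can differ in length from the original.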
Configuring DNS ALG
Procedure steps
1. Enter Configuration Mode.
   configure terminal
2. Enter the firewall global sub-tree.
   firewall global
3. Enter the algs sub-tree.
   algs
4. Enter the dns sub-tree.
   dns
5. Enable the DNS ALG.
   enable
6. Ensure the DNS pool has been configured.
   pool <pool-name> <private-ip> <global-ip>
7. Display the pool name.
   show firewall dns-alg translate-pool pool-name
8. Display all static pool names which were added.
   show firewall dns-alg translate-pool

Avaya Secure Router 1000 Series Configuration Guide
Firewall ALG behavior
December 2010
129
