Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
367
Views
0
Helpful
3
Replies

Static Nat disables Internet Access

man3mar3n
Level 1
Level 1

‎02-22-2016 07:39 AM - edited ‎03-12-2019 12:22 AM

Hi,

I have a requirement from a customer to define the follows :-

1. Remote VPN Access - Defined Working.

2. InterVlan Routing for all the subinterface VLANs - Defined and Working.

3. Internet Access to all subinterfaces - Defined and Working.

4. Static Nat for a particular IP on the subinterface IP range to a dummy IP - Static NAT works but it disables the internet access for the server.

The idea here is a customer remote VPN into the network and access a particular server via a dummy IP. Without the static nat, the server has internet access. However when the static nat implemented, server lose the internet connectivity. I can understand why it loses the internet access as it is now nat to a dummy IP which is a private IP.

Is there anyway I can do both, Static Nat and Internet Access for the server?

I attached the trimmed version of the config.

Thanks for all the help

Labels:
Preview file
3 KB
0 Helpful
3 Replies 3

Marius Gunnerud
VIP
VIP

‎02-22-2016 02:44 PM

I suggest moving the static NAT which you currently have in section 2 of the NAT table to section 1.  I am assuming that 90.90.90.1 is not in use anywhere else, for NAT I mean?

object network OBJ-NET-TEST-SERVER

   host 9.9.9.90

object network TRANSLATED_SERVER

  host 90.90.90.1

nat (inside999,outside) source static OBJ-NET-TEST-SERVER TRANSLATED_SERVER

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

man3mar3n
Level 1
Level 1
In response to Marius Gunnerud

‎02-22-2016 09:03 PM

I did the following :- 

I remove the following nat

object network OBJ-NET-TEST-VLAN-999
nat (inside999,outside) dynamic interface

I added the following -

object network OBJ-NET-TEST-SERVER

   host 9.9.9.90

object network TRANSLATED_SERVER

  host 90.90.90.1

nat (inside999,outside) source static OBJ-NET-TEST-SERVER TRANSLATED_SERVER

The static NAT is working. When I remote VPN in, I could ping the 90.90.90.1 and reply comes from the actual server 9.9.9.90. 

However, the actual server still has no internet access. This is true for the whole range b'cos I remove the first nat. 

I put it back the following

object network OBJ-NET-TEST-VLAN-999
nat (inside999,outside) dynamic interface

The IP range has internet access but the server 9.9.9.90 still has no internet access.

0 Helpful

Marius Gunnerud
VIP
VIP
In response to man3mar3n

‎02-23-2016 11:09 PM

could you run a packet tracer to see where the traffic stops.  And post the output here please

packet-tracer input inside999 tcp 9.9.9.90 12345 4.2.2.2 80 detail

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card