05-08-2003 09:23 AM - edited 03-02-2019 07:12 AM
Incoming PTR queries are not being translated to the coresponding internal ip numbers. The query arrives at my internal name server with the external ip number unchanged in the payload.
Outgoing replies from my internal name server are correctly translated to external ip numbers.
I thought I had this sorted out, when I corrected a problem with static nat entries overlapping my nat pool. But the problem has returned and I've no idea why.
The static nat entries are denied from the nat pool access-list and are not members of my nat pool. I'll post a section of my config, if it would help.
IOS 12.2 on 2600 router.
Thanks so much for any tips,
Cole
05-12-2003 06:42 AM
Your config and a brief description of thetopology would help.
05-12-2003 07:31 AM
Thanks for your interest. We have a leased fractional T1 connected to a cisco 2600. The router is running RIP and NAT. Our internal network is 192.168.1.0 0.0.0.255.
! Actual outside addresses have been changed to the reserved 240.0.0.0 network.
!
version 12.2
no parser cache
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
logging buffered 4096 debugging
logging rate-limit console 10 except errors
no logging console
!
ip subnet-zero
!
!
ip name-server 192.168.1.8
!
no ip dhcp-client network-discovery
!
!
!
interface Ethernet0/0
description connected to LLS LAN
ip address 192.168.1.1 255.255.255.0
ip nat inside
half-duplex
!
interface Serial0/0
bandwidth 384
ip address 240.0.5.198 255.255.255.252
ip access-group 101 in
no ip unreachables
no ip proxy-arp
ip accounting access-violations
ip nat outside
encapsulation ppp
fair-queue 64 256 0
!
router rip
version 2
network 192.168.1.0
no auto-summary
!
ip nat pool LLSCisco1-natpool-2 240.0.0.248 240.0.0.248 netmask 255.255.255.240
ip nat inside source list 2 pool LLSCisco1-natpool-2 overload
ip nat inside source static 192.168.1.49 240.0.0.249
ip nat inside source static 192.168.1.54 240.0.0.254
ip nat inside source static 192.168.1.12 240.0.0.246
ip nat inside source static 192.168.1.8 240.0.0.242
ip nat inside source static 192.168.1.11 240.0.0.241
ip nat inside source static 192.168.1.10 240.0.0.245
ip nat inside source static 192.168.1.51 240.0.0.251
ip nat inside source static 192.168.1.50 240.0.0.250
ip nat inside source static 192.168.1.52 240.0.0.252
ip nat inside source static 192.168.1.53 240.0.0.253
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
no ip http server
!
access-list 2 deny 192.168.1.49
access-list 2 deny 192.168.1.51
access-list 2 deny 192.168.1.50
access-list 2 deny 192.168.1.53
access-list 2 deny 192.168.1.52
access-list 2 deny 192.168.1.54
access-list 2 deny 192.168.1.8
access-list 2 deny 192.168.1.11
access-list 2 deny 192.168.1.10
access-list 2 deny 192.168.1.12
access-list 2 permit 192.168.1.0 0.0.0.255
access-list 101 deny ip 192.168.0.0 0.0.255.255 any log
access-list 101 deny ip 172.16.0.0 0.15.255.255 any log
access-list 101 deny ip 10.0.0.0 0.255.255.255 any log
access-list 101 deny ip 127.0.0.0 0.255.255.255 any log
access-list 101 deny ip 255.0.0.0 0.255.255.255 any log
access-list 101 deny ip 224.0.0.0 7.255.255.255 any log
access-list 101 deny ip host 0.0.0.0 any log
access-list 101 deny ip 240.0.0.240 0.0.0.15 any log
access-list 101 deny ip host 64.30.3.198 any log
access-list 101 permit tcp any any gt 1023 established
access-list 101 permit icmp any any
access-list 101 permit tcp any host 240.0.0.249
access-list 101 permit udp any host 240.0.0.249
access-list 101 permit tcp any host 240.0.0.246 eq smtp
access-list 101 permit tcp any host 240.0.0.241 eq smtp
access-list 101 permit tcp any host 240.0.0.246 eq pop3
access-list 101 permit tcp any host 240.0.0.241 eq pop3
access-list 101 permit tcp any host 240.0.0.245 eq www
access-list 101 permit tcp any host 240.0.0.245 eq ftp
access-list 101 permit tcp any host 240.0.0.245 eq ftp-data
access-list 101 permit tcp any host 240.0.0.245 gt 1023
access-list 101 permit tcp any host 240.0.0.242 eq domain log
access-list 101 permit tcp any host 240.0.0.241 eq domain log
access-list 101 permit udp any host 240.0.0.242 eq domain
access-list 101 permit udp any host 240.0.0.241 eq domain
access-list 101 permit udp any eq domain host 240.0.0.250 gt 1023
access-list 101 permit udp any any eq ntp
access-list 101 permit tcp any host 240.0.0.246 eq ident
access-list 101 permit tcp any host 240.0.0.241 eq ident
access-list 101 permit tcp any host 240.0.0.250 eq 407
access-list 101 permit udp any host 240.0.0.250 eq 407
access-list 101 permit tcp any host 240.0.0.251 eq 407
access-list 101 permit udp any host 240.0.0.251 eq 407
access-list 101 permit tcp any host 240.0.0.252 eq 407
access-list 101 permit udp any host 240.0.0.252 eq 407
access-list 101 permit tcp any host 240.0.0.253 eq 407
access-list 101 permit udp any host 240.0.0.253 eq 407
access-list 101 permit tcp any host 240.0.0.254 eq 407
access-list 101 permit udp any host 240.0.0.254 eq 407
access-list 101 deny ip any any log
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide