Router#ping 203.127.140.242

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 203.127.140.242, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/12 ms

Singnet#

00:03:21: NAT: s=203.127.140.241, d=203.127.140.242->202.147.38.253 [10]

00:03:21: NAT: s=203.127.140.241, d=203.127.140.242->202.147.38.253 [11]

00:03:21: NAT: s=203.127.140.241, d=203.127.140.242->202.147.38.253 [12]

00:03:21: NAT: s=203.127.140.241, d=203.127.140.242->202.147.38.253 [13]

00:03:21: NAT: s=203.127.140.241, d=203.127.140.242->202.147.38.253 [14]

C:\Documents and Settings\Kyaw Thu>ping 203.127.140.242

Pinging 203.127.140.242 with 32 bytes of data:

Reply from 203.127.140.242: bytes=32 time=15ms TTL=249

Reply from 203.127.140.242: bytes=32 time=31ms TTL=249

Reply from 203.127.140.242: bytes=32 time=15ms TTL=249

Reply from 203.127.140.242: bytes=32 time=31ms TTL=249

Ping statistics for 203.127.140.242:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 15ms, Maximum = 31ms, Average = 23ms

When I logged in and ping from the router, i can see the NAT translation. But when I ping from outside, i cant see any translation.

interface Ethernet0/0

ip address 202.147.38.200 255.255.255.192

no ip directed-broadcast

ip nat inside

!

interface Serial0/0

ip address 165.21.238.174 255.255.255.252

no ip directed-broadcast

!

interface Ethernet0/1

ip address 203.127.140.241 255.255.255.240

no ip directed-broadcast

ip nat outside

!

ip nat inside source static 202.147.38.253 203.127.140.242

what you are trying to say is nobody will able to see 203.127.140.242 thru WAN?

The config seems to be correct but it doesnt work out to be as what it should be.

Hi, I believe I figured out the problem. In order for the NAT to be invoked you either have to swap your inside statement with your outside or you need to change the "ip nat inside source static" statement to "ip nat outside source".

In short the "ip nat inside source static" can only NAT the "inside" source address and not the "outside" source address you would need the "ip nat outside source static"

Two answer your second question. You would need the nat statement on your WAN interface to reach the server under the nated address. Otherwise, the router will be the only one responding to the nat address(not the server).

Possible final working config:

interface Ethernet0/0

ip address 202.147.38.200 255.255.255.192

no ip directed-broadcast

ip nat outside

!

interface Serial0/0

ip address 165.21.238.174 255.255.255.252

no ip directed-broadcast

ip nat outside

!

interface Ethernet0/1

ip address 203.127.140.241 255.255.255.240

no ip directed-broadcast

ip nat inside

!

ip nat inside source static 202.147.38.253 203.127.140.242

This works..I verified it. Good Luck.

C:\Documents and Settings\Kyaw Thu>ping 203.127.140.242

Pinging 203.127.140.242 with 32 bytes of data:

Request timed out.

Request timed out.

Request timed out.

Request timed out.

Ping statistics for 203.127.140.242:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

Router#

00:08:48: NAT*: s=220.255.25.219, d=203.127.140.242->202.147.38.253 [444]

00:08:49: NAT*: s=220.255.25.219, d=203.127.140.242->202.147.38.253 [488]

00:08:50: NAT*: s=220.255.25.219, d=203.127.140.242->202.147.38.253 [545]

00:08:52: NAT*: s=220.255.25.219, d=203.127.140.242->202.147.38.253 [593]

Yah..It does translate to .253 but at my pc, it showed request timeout. What is those 593,545,488,444 meant? Notice those value are bigger

I don't know why you are getting request timed out from your pc other then to try and check for the following:

1. Check routing & gateways etc.

2. Turn off desktop firewall

3. check ACL's

The answer to your question regarding the numbers in brackes comes from "debug ip nat" and means the following: "IP identification number of the packet."

See the url listed for more info:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1834/products_feature_guide09186a0080080535.html#1028150

Hi Matoso,

I can able to ping now. But notice that there is some problem with return path. Return path cant reach back to the origination side

4d05h: NAT*: s=202.147.38.237, d=203.127.140.242->202.147.38.253 [63326]

4d05h: NAT*: s=202.147.38.253, d=203.127.140.242->202.147.38.253 [0]

4d05h: NAT*: s=202.147.38.237, d=203.127.140.242->202.147.38.253 [63330]

4d05h: NAT*: s=202.147.38.253, d=203.127.140.242->202.147.38.253 [0]

4d05h: NAT*: s=202.147.38.237, d=203.127.140.242->202.147.38.253 [63333]

4d05h: NAT*: s=202.147.38.237, d=203.127.140.242->202.147.38.253 [63334]

4d05h: NAT*: s=202.147.38.253, d=203.127.140.242->202.147.38.253 [0]

4d05h: NAT*: s=202.147.38.237, d=203.127.140.242->202.147.38.253 [63338]