Re: One-to-one NAT not accessible from router

bkayma · ‎02-27-2002

I am using a 3620 IOS 11.3. I have an ethernet interface using NAT (with a one-to-one static map for a mail server). I am not able to telnet to port 25 of the public IP when sourcing from an interface within this router, but I can telnet to the private IP on port 25. From anywhere else I can access the server via the public IP. I tried putting a static route for the public ip to route to the inside to no avail. I am curious to know if there is a resolution to this issue without having to resort to re-configuring the interface to a public subnet.

mm1 · ‎03-03-2002

hi,

does it work if you specify the source ip of the nat outside interface? which source ip do you use to establish the session (as you mentioned a one-to-one mapping)?

martin

bkayma · ‎03-04-2002

It works if I source from the serial interface to the public IP, but if I source from an ethernet interface, only the private IP responds

mm1 · ‎03-04-2002

hi bill,

so it's something like that?

int serial0

ip addr 1.2.3.4 255.255.255.0

ip nat outside

!

int eth0

ip addr 192.168.0.1 255.255.255.0

ip nat inside

!

int eth1

ip addr 192.168.1.1 255.255.255.0

!

ip telnet source-interface serial 0

!

ip nat inside source static 192.168.0.2 1.2.3.5

!

Did I forget some relevant parts? Did you configure the specified ethernet interfaces as parts of the NAT config?

martin

bkayma · ‎03-05-2002

martin-

here is the config:

!

interface Serial1/0

description - T1 to ATL7500 Int Serial1/0/0/27:0 CID -- 40DHDG517290 (B.S)

ip address 172.16.2.18 255.255.255.252

no ip redirects

no ip directed-broadcast

ip nat outside

!

interface FastEthernet0/0.7

description Benjamin Williams

encapsulation isl 7

ip address 192.168.7.1 255.255.255.0

no ip redirects

no ip directed-broadcast

ip nat inside

arp timeout 0

!

interface FastEthernet0/0.8

description WLR

encapsulation isl 8

ip address 216.230.65.81 255.255.255.248

no ip redirects

no ip directed-broadcast

ip nat inside

arp timeout 0

!

ip nat inside source static 192.168.7.2 216.230.67.213

The mail server exists at 192.168.7.2...

ATLTowPl#telnet 216.230.67.213 25 /source FastEthernet0/0.8

Trying 216.230.67.213, 25 ...

% Connection timed out; remote host not responding

ATLTowPl#telnet 192.168.7.2 25 /source FastEthernet0/0.8

Trying 192.168.7.2, 25 ... Open

220 bwserv01.walawfirm.com Microsoft ESMTP MAIL Service, Version: 5.0.2195.4453 ready at Tue, 5 Mar 2002 10:38:46 -0500

quit

221 2.0.0 bwserv01.walawfirm.com Service closing transmission channel

[Connection to 192.168.7.2 closed by foreign host]

ATLTowPl#telnet 216.230.67.213 25 /source Serial1/0

Trying 216.230.67.213, 25 ... Open

220 bwserv01.walawfirm.com Microsoft ESMTP MAIL Service, Version: 5.0.2195.4453 ready at Tue, 5 Mar 2002 10:40:30 -0500

quit

221 2.0.0 bwserv01.walawfirm.com Service closing transmission channel

[Connection to 216.230.67.213 closed by foreign host]

ATLTowPl#

I tried a static route (ip route 216.230.67.213 255.255.255.255 192.168.7.2)...but that didn't work

Thanks-

Bill

mm1 · ‎03-05-2002

hi,

it should work if you configure the fa0/0.8 as a nat outside interface.

martin