10-27-2011 12:36 AM - edited 03-04-2019 02:04 PM
hi all
i'm facing problem as: on my router , i can't ping ip address of interface nat outside
my configurate router is :
interface fas1/1
ip add : 4.4.4.4/24
ip nat outside
interface fas1/2
ip add 2.2.2.2/24
ip nat inside
ip nat inside source list 100 interface fas1/1 overload
ip nat inside source static tcp 2.2.2.20 666 4.4.4.4 666
ip access-list exten 100
permit ip host 2.2.2.20 any
ping 4.4.4.4 can't on this router.
could you tell me , where does i miss config ?
thanks
Solved! Go to Solution.
10-29-2011 11:33 PM
I think it is because of NAT overloading with outside interface . Instead of NAT with the outside interface just define a pool and overload with that NAT pool and please let me know if it solves your problem or not ?
ip nat pool test 4.4.4.5 4.4.4.5 netmask 255.255.0
no ip nat inside source list 100 interface fas1/1 overload
ip nat inside source list 100 pool test overload
Regards
Haris P
10-27-2011 12:54 AM
Hi,
I suppose you're not connected on the internet otherwise this may lead to troubles as this address is in a range assigned to Level 3 Communications, Inc.
If this is a lab then verify that the interface is up/up: sh ip int br
Alain.
10-27-2011 01:03 AM
hi
Our router connect to partner via lease line layer 2 , port on router is GigaEthernet
the interface of status is UP
on this router can ping to ip address of partner but can not ping ip nat outside my router
thanks
10-27-2011 01:04 AM
hi,
you're missing the static default route:
ip route 0.0.0.0 0.0.0.0
10-27-2011 01:32 AM
hi
the problem is on the my Router can not ping ip nat outside of it and on router of partner can't ping ip face to face .
anything other is ok
my subnet local and subnet local of parter can ping and access services ok
pls help
thanks
10-27-2011 01:40 AM
Hi,
Can you post complete config and also post result of debug ip pack detail and debug ip nat when you try to ping your
router.
Alain.
10-28-2011 12:41 AM
hi all
i don't why know , when i ping 4.4.4.4 ( ip nat ouside ) on this my router and enable debug ip icmp
so , the router can't receive packet icmp request ,
don't know access-list to have problem ? but in my opinion the traffic requested from router then can't apply access-list
pls help
thanks
10-28-2011 05:03 AM
As cadet has mentioned, please post the full router config.
10-28-2011 08:05 AM
Hi,
Can you remove the below from your config and then try again to ping the outside ip(ip nat outside) of your router from your partner network or from anywhere else?
ip nat inside source static tcp 2.2.2.20 666 4.4.4.4 666 << please remove this for testing
HTH
Regards,
Kishore
10-28-2011 07:46 PM
hi all
We had test on other interface , don't ip nat outside in the interface , then ping ok
may be the problem is Nat outside
pls help
thanks
10-29-2011 11:33 PM
I think it is because of NAT overloading with outside interface . Instead of NAT with the outside interface just define a pool and overload with that NAT pool and please let me know if it solves your problem or not ?
ip nat pool test 4.4.4.5 4.4.4.5 netmask 255.255.0
no ip nat inside source list 100 interface fas1/1 overload
ip nat inside source list 100 pool test overload
Regards
Haris P
10-30-2011 07:18 PM
hi HaRis
i have config pool NAt but can't ping 4.4.4.4 of interface ( ip Nat outside)
ip nat pool test 4.4.4.5 4.4.4.5 netmask 255.255.255.0
ip nat inside soure list 100 pool test overload
ip access-list exten 100
permit ip host 2.2.2.20 any
permit ip host 4.4.4.4 any
permit ip host 4.4.4.5 any
Router's nat table
Pro Inside global Inside local Outside local Outside global
icmp 4.4.4.5 4.4.4.4 4.4.4.4 4.4.4.4
pls help
thanks
10-31-2011 12:17 AM
Try as given below . I think in your ACL 100 you are permitting 4.4.4.4 and 4.4.4.5 and it is not needed . In NAT access-list you have to permit the source IP (inside subnet) only
modify your ACL and please let me know the result
*****************************************
interface f1/1
ip address 4.4.4.4 255.255.255.0
ip nat outside
!
interface f1/2
ip address 2.2.2.2 255.255.255.0
ip nat inside
!
ip nat pool test 4.4.4.5 4.4.4.5 netmask 255.255.255.0
ip nat inside source list 100 pool test overload
ip access-list exten 100
permit ip host 2.2.2.20 any
Or
ip nat inside source list 100 interface f1/1 overload
01-04-2016 03:09 AM
I think this the access-list problem, should change access-list like this:
ip access-list exten 100
deny ip any 4.4.4.4
permit ip host 2.2.2.20 any
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide