Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1251
Views
0
Helpful
9
Replies

Could the Cisco router do return NAT?

ปลาวาฬทราย RMUTT CPE IX
Enthusiast
Enthusiast

‎06-18-2019 02:14 AM - edited ‎06-18-2019 03:45 AM

My configuration looks like:

interface GigabitEthernet0/0
 description External
 ip address x.223.40.119 255.255.255.0
 ip nat enable
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description Internal
 ip address x.100.1.253 255.255.255.0
 ip nat enable
 duplex auto
 speed auto
!
ip nat source static x.100.1.202 x.223.40.154
ip nat source static x.100.1.204 x.223.40.155

The x.100.1.202 can't ping & rdp to x.223.40.155. How should I do?

Labels:
0 Helpful
9 Replies 9

omz
Collaborator
Collaborator

‎06-18-2019 02:32 AM

Hi 

Under the interface config you need - ip nat inside / ip nat outside command on the appropriate interface. 

See example - 

https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13773-2.html

 

 

0 Helpful

ปลาวาฬทราย RMUTT CPE IX
Enthusiast
Enthusiast
In response to omz

‎06-18-2019 03:23 AM - edited ‎06-18-2019 03:46 AM

My configuration now looks like:

interface GigabitEthernet0/0
 description External
 ip address x.223.40.119 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description Internal
 ip address x.100.1.253 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
ip nat inside source static x.100.1.202 x.223.40.154
ip nat inside source static x.100.1.204 x.223.40.155

The x.100.1.202 can ping but can't rdp to x.223.40.155.

I tried to add more 2 commands:

ip nat outside source static x.223.40.154 x.100.1.202
ip nat outside source static x.223.40.155 x.100.1.204

The x.100.1.202 can't ping & rdp to x.223.40.155. How should I do?

 

Thank you very much.

0 Helpful

paul driver
VIP Expert VIP Expert
VIP Expert

‎06-18-2019 05:38 AM

Hello
Externally you should be able to ping towards  x.223.40.154 and see a translation to x.100.1.202  and the same goes for  x.223.40.155 and see a translation to x.100.1.204
Internally you should be able to ping anything internal without nat being introduced. 

 

Now if are you wishing to connect to the external natted address of an internal host from another internal host?

Then were correct in the first place to use domian-less nat (ip nat enable,  ip nat source static xx)  and it should have worked

Can you post the configuration of your rtr, Do you have a default applied?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

ปลาวาฬทราย RMUTT CPE IX
Enthusiast
Enthusiast
In response to paul driver

‎06-18-2019 08:33 PM - edited ‎06-18-2019 08:46 PM

The configuration in the topic and I also attach of the whole router.

The x.100.1.202 can't ping & rdp to x.223.40.155. How should I do?

1.jpg

# sho ip nat nvi tra icmp
Pro Source global         Source local          Destin  local         Destin  global
icmp x.170.119.58:39556 x.170.119.58:39556  x.223.40.155:39556  x.100.1.204:39556
icmp x.170.119.58:44676 x.170.119.58:44676  x.223.40.154:44676  x.100.1.202:44676
icmp x.223.40.154:1     x.100.1.202:1        x.223.40.155:1      x.100.1.204:1

Thank you very much.

Preview file
2 KB
0 Helpful

paul driver
VIP Expert VIP Expert
VIP Expert
In response to ปลาวาฬทราย RMUTT CPE IX

‎06-19-2019 01:39 AM

Hello

Your nat configuration seems correct.
It could be something else that is negating response between these hosts from natted address.

On host x.100.1.202 does it have a default-gateway towards the nat router, any software fw etc..


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

ปลาวาฬทราย RMUTT CPE IX
Enthusiast
Enthusiast
In response to paul driver

‎06-19-2019 03:36 AM

2.jpg

How should I do?

 

Thank you very much.

0 Helpful

paul driver
VIP Expert VIP Expert
VIP Expert
In response to ปลาวาฬทราย RMUTT CPE IX

‎06-19-2019 03:47 AM

Hello

Can you turn off any software fw on those hosts please, Also clear arp from the rtr and the hosts and test again.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

ปลาวาฬทราย RMUTT CPE IX
Enthusiast
Enthusiast
In response to paul driver

‎06-19-2019 04:36 AM - edited ‎06-19-2019 04:40 AM

The x.100.1.202 can't ping & rdp to x.223.40.155. However, x.100.1.202 can ping & rdp to x.100.1.204 and external (another public subnet) also can ping & rdp to x.223.40.155 normally.

 

Thank you very much.

0 Helpful

paul driver
VIP Expert VIP Expert
VIP Expert
In response to ปลาวาฬทราย RMUTT CPE IX

‎06-19-2019 05:10 AM

Hello

As I said something else is negating this access and for you to confirm it was working suggests a change has occurred so now to prohibit connection.

 

What is sitting behind the lan interface of the nat rtr where these host are located?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents