Cisco Community
English
Register
ANNOUNCEMENT - The community will be down for maintenace this Thursday August 13 from 12:00 AM PT to 02:00 AM PT. As a precaution save your work.
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
687
Views
0
Helpful
9
Replies
Highlighted
ปลาวาฬทราย RMUTT CPE IX
Participant
Participant
‎06-18-2019 02:14 AM
‎06-18-2019 02:14 AM

Could the Cisco router do return NAT?

My configuration looks like:

interface GigabitEthernet0/0
 description External
 ip address x.223.40.119 255.255.255.0
 ip nat enable
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description Internal
 ip address x.100.1.253 255.255.255.0
 ip nat enable
 duplex auto
 speed auto
!
ip nat source static x.100.1.202 x.223.40.154
ip nat source static x.100.1.204 x.223.40.155

The x.100.1.202 can't ping & rdp to x.223.40.155. How should I do?

Everyone's tags (5)
0 Helpful
Reply
9 REPLIES 9
Highlighted
omz
Collaborator
Collaborator
‎06-18-2019 02:32 AM
‎06-18-2019 02:32 AM

Re: Could the Cisco router do return NAT?

Hi 

Under the interface config you need - ip nat inside / ip nat outside command on the appropriate interface. 

See example - 

https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13773-2.html

 

 

0 Helpful
Reply
Highlighted
ปลาวาฬทราย RMUTT CPE IX
Participant
Participant
‎06-18-2019 03:23 AM
‎06-18-2019 03:23 AM

Re: Could the Cisco router do return NAT?

My configuration now looks like:

interface GigabitEthernet0/0
 description External
 ip address x.223.40.119 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description Internal
 ip address x.100.1.253 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
ip nat inside source static x.100.1.202 x.223.40.154
ip nat inside source static x.100.1.204 x.223.40.155

The x.100.1.202 can ping but can't rdp to x.223.40.155.

I tried to add more 2 commands:

ip nat outside source static x.223.40.154 x.100.1.202
ip nat outside source static x.223.40.155 x.100.1.204

The x.100.1.202 can't ping & rdp to x.223.40.155. How should I do?

 

Thank you very much.

0 Helpful
Reply
Highlighted
paul driver
VIP Mentor VIP Mentor
VIP Mentor
‎06-18-2019 05:38 AM
‎06-18-2019 05:38 AM

Re: Could the Cisco router do return NAT?

Hello
Externally you should be able to ping towards  x.223.40.154 and see a translation to x.100.1.202  and the same goes for  x.223.40.155 and see a translation to x.100.1.204
Internally you should be able to ping anything internal without nat being introduced. 

 

Now if are you wishing to connect to the external natted address of an internal host from another internal host?

Then were correct in the first place to use domian-less nat (ip nat enable,  ip nat source static xx)  and it should have worked

Can you post the configuration of your rtr, Do you have a default applied?



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
0 Helpful
Reply
Highlighted
ปลาวาฬทราย RMUTT CPE IX
Participant
Participant
‎06-18-2019 08:33 PM
‎06-18-2019 08:33 PM

Re: Could the Cisco router do return NAT?

The configuration in the topic and I also attach of the whole router.

The x.100.1.202 can't ping & rdp to x.223.40.155. How should I do?

1.jpg

# sho ip nat nvi tra icmp
Pro Source global         Source local          Destin  local         Destin  global
icmp x.170.119.58:39556 x.170.119.58:39556  x.223.40.155:39556  x.100.1.204:39556
icmp x.170.119.58:44676 x.170.119.58:44676  x.223.40.154:44676  x.100.1.202:44676
icmp x.223.40.154:1     x.100.1.202:1        x.223.40.155:1      x.100.1.204:1

Thank you very much.

0 Helpful
Reply
Highlighted
paul driver
VIP Mentor VIP Mentor
VIP Mentor
‎06-19-2019 01:39 AM
‎06-19-2019 01:39 AM

Re: Could the Cisco router do return NAT?

Hello

Your nat configuration seems correct.
It could be something else that is negating response between these hosts from natted address.

On host x.100.1.202 does it have a default-gateway towards the nat router, any software fw etc..



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
0 Helpful
Reply
Highlighted
ปลาวาฬทราย RMUTT CPE IX
Participant
Participant
‎06-19-2019 03:36 AM
‎06-19-2019 03:36 AM

Re: Could the Cisco router do return NAT?

2.jpg

How should I do?

 

Thank you very much.

0 Helpful
Reply
Highlighted
paul driver
VIP Mentor VIP Mentor
VIP Mentor
‎06-19-2019 03:47 AM
‎06-19-2019 03:47 AM

Re: Could the Cisco router do return NAT?

Hello

Can you turn off any software fw on those hosts please, Also clear arp from the rtr and the hosts and test again.



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
0 Helpful
Reply
Highlighted
ปลาวาฬทราย RMUTT CPE IX
Participant
Participant
‎06-19-2019 04:36 AM
‎06-19-2019 04:36 AM

Re: Could the Cisco router do return NAT?

The x.100.1.202 can't ping & rdp to x.223.40.155. However, x.100.1.202 can ping & rdp to x.100.1.204 and external (another public subnet) also can ping & rdp to x.223.40.155 normally.

 

Thank you very much.

0 Helpful
Reply
Highlighted
paul driver
VIP Mentor VIP Mentor
VIP Mentor
‎06-19-2019 05:10 AM
‎06-19-2019 05:10 AM

Re: Could the Cisco router do return NAT?

Hello

As I said something else is negating this access and for you to confirm it was working suggests a change has occurred so now to prohibit connection.

 

What is sitting behind the lan interface of the nat rtr where these host are located?



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
0 Helpful
Reply
Latest Contents
Basic question on choosing P nodes for FRR
Created by EasonY on 08-13-2020 08:06 PM
0
0
0
0
Hi,I've had below topology: So from RT1's perspective, if link RT1 - RT5 is the link to be protected, the P-space (RT1, Redlink) will be RT2? I can see the definition of P space of RT1 is the set of nodes that RT1 can reach as per pre-convergenc... view more
Cisco 3650 cannot boot up
Created by ChhunCam on 08-13-2020 03:46 AM
9
0
9
0
Dear all, please kindly advise how to can configure on Rommon on switch 3650please kindly see in the attach file. Best regards,
How to configure a management vlan while using GRE tunnel
Created by Zurattos on 08-11-2020 02:44 PM
0
0
0
0
Hello , I really need your help , how can I configure a management vlan for the switch while using GRE tunnel between two routers ? Best Regards 
Cisco Champion Radio: S7|E30 Taming Your AI/ ML Workloads wi...
Created by aalesna on 08-11-2020 10:22 AM
0
0
0
0
Cisco Champion Radio · S7|E30 Taming Your AI/ ML Workloads with Kubeflow   As organizations increasingly introduce machine learning (ML) capabilities to their existing products, their artificial intelligence (AI) projects and operations complexity g... view more
Cisco IOS-XE 17.3.1 – Catalyst 9000 Switching Updates
Created by dhristov on 08-10-2020 11:56 AM
0
5
0
5
Cisco IOS-XE 17.3.1 – Catalyst Switching Updates   Table of Contents IOS-XE 17.3.1 Hardware Additions since IOS-XE 17.2.1 Key Summary Features Platform and Infra Features High Availability Features Routing / MPLS / VPN Features Security Features &nbs... view more
Content for Community-Ad

Cisco Community May 2020 Spotlight Award Winners

Follow our Social Media Channels