cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1472
Views
0
Helpful
9
Replies

Could the Cisco router do return NAT?

My configuration looks like:

interface GigabitEthernet0/0
 description External
 ip address x.223.40.119 255.255.255.0
 ip nat enable
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description Internal
 ip address x.100.1.253 255.255.255.0
 ip nat enable
 duplex auto
 speed auto
!
ip nat source static x.100.1.202 x.223.40.154
ip nat source static x.100.1.204 x.223.40.155

The x.100.1.202 can't ping & rdp to x.223.40.155. How should I do?

9 Replies 9

omz
VIP Alumni
VIP Alumni

Hi 

Under the interface config you need - ip nat inside / ip nat outside command on the appropriate interface. 

See example - 

https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13773-2.html

 

 

My configuration now looks like:

interface GigabitEthernet0/0
 description External
 ip address x.223.40.119 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description Internal
 ip address x.100.1.253 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
ip nat inside source static x.100.1.202 x.223.40.154
ip nat inside source static x.100.1.204 x.223.40.155

The x.100.1.202 can ping but can't rdp to x.223.40.155.

I tried to add more 2 commands:

ip nat outside source static x.223.40.154 x.100.1.202
ip nat outside source static x.223.40.155 x.100.1.204

The x.100.1.202 can't ping & rdp to x.223.40.155. How should I do?

 

Thank you very much.

Hello
Externally you should be able to ping towards  x.223.40.154 and see a translation to x.100.1.202  and the same goes for  x.223.40.155 and see a translation to x.100.1.204
Internally you should be able to ping anything internal without nat being introduced. 

 

Now if are you wishing to connect to the external natted address of an internal host from another internal host?

Then were correct in the first place to use domian-less nat (ip nat enable,  ip nat source static xx)  and it should have worked

Can you post the configuration of your rtr, Do you have a default applied?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

The configuration in the topic and I also attach of the whole router.

The x.100.1.202 can't ping & rdp to x.223.40.155. How should I do?

1.jpg

# sho ip nat nvi tra icmp
Pro Source global         Source local          Destin  local         Destin  global
icmp x.170.119.58:39556 x.170.119.58:39556  x.223.40.155:39556  x.100.1.204:39556
icmp x.170.119.58:44676 x.170.119.58:44676  x.223.40.154:44676  x.100.1.202:44676
icmp x.223.40.154:1     x.100.1.202:1        x.223.40.155:1      x.100.1.204:1

Thank you very much.

Hello

Your nat configuration seems correct.
It could be something else that is negating response between these hosts from natted address.

On host x.100.1.202 does it have a default-gateway towards the nat router, any software fw etc..


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

2.jpg

How should I do?

 

Thank you very much.

Hello

Can you turn off any software fw on those hosts please, Also clear arp from the rtr and the hosts and test again.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

The x.100.1.202 can't ping & rdp to x.223.40.155. However, x.100.1.202 can ping & rdp to x.100.1.204 and external (another public subnet) also can ping & rdp to x.223.40.155 normally.

 

Thank you very much.

Hello

As I said something else is negating this access and for you to confirm it was working suggests a change has occurred so now to prohibit connection.

 

What is sitting behind the lan interface of the nat rtr where these host are located?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: