Re: disabling nat issue

tnet2003 · ‎06-20-2006

Here I have a nat issue. On cisco 827 I want to disable nat because behind the router and before lan I already have a firewall with nat. However disabling nat then I even can't reach the firewall wan interface. Both firewall (wan interface)and router (ethernet interface) have public ip address.

devang_etcom · ‎06-20-2006

first of all remove the NAT inside or outeside command from your interface just by adding no before the whole command syntex... then by adding no on all the NAT command you will disable the whole NAT...

rate this post if it helps

Regards

Devang

tnet2003 · ‎06-20-2006

actually that is what I've done

I just left:

ip nat inside source static tcp firwallIP 443 routerIP 443 extendable

to enable remote management on firewall (zyxell firewall)

tnet2003 · ‎06-20-2006

I completely have no nat now, but why can't I ping firewall wan interface? ethernet router interface and firwall wan interface are on the same subnet so WHY they can't ping each other?

kamlesh.sharma · ‎06-20-2006

what i understood is you are pinging the router interface from firewall and wise-a-vise

you need to check some thing

do firewall natting if yes your nat block i.e. 202.0.0.0/24 should be there in router's routing table and policy should be open in the firewall for ICMP packet to go through from router's ethernet ip to firewall wan ip which is public.

as in ur case wan ip of firewall and router ip is in same subnet than you need to look at policy applied on firewall.

try a extended ping or ping from lan side to any public ip that should reachable againg policy need to be open for ICMP to go through firewall for that sorce and destination.

HTH lets us know