06-20-2006 02:12 AM - edited 03-03-2019 01:03 PM
Here I have a nat issue. On cisco 827 I want to disable nat because behind the router and before lan I already have a firewall with nat. However disabling nat then I even can't reach the firewall wan interface. Both firewall (wan interface)and router (ethernet interface) have public ip address.
06-20-2006 02:19 AM
first of all remove the NAT inside or outeside command from your interface just by adding no before the whole command syntex... then by adding no on all the NAT command you will disable the whole NAT...
rate this post if it helps
Regards
Devang
06-20-2006 03:14 AM
actually that is what I've done
I just left:
ip nat inside source static tcp firwallIP 443 routerIP 443 extendable
to enable remote management on firewall (zyxell firewall)
06-20-2006 07:13 AM
I completely have no nat now, but why can't I ping firewall wan interface? ethernet router interface and firwall wan interface are on the same subnet so WHY they can't ping each other?
06-20-2006 10:05 AM
what i understood is you are pinging the router interface from firewall and wise-a-vise
you need to check some thing
do firewall natting if yes your nat block i.e. 202.0.0.0/24 should be there in router's routing table and policy should be open in the firewall for ICMP packet to go through from router's ethernet ip to firewall wan ip which is public.
as in ur case wan ip of firewall and router ip is in same subnet than you need to look at policy applied on firewall.
try a extended ping or ping from lan side to any public ip that should reachable againg policy need to be open for ICMP to go through firewall for that sorce and destination.
HTH lets us know
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide