Double NAT broke: config is the same

jcw009
Level 1

Hi all,

I configured a router to do double NAT (overlapping IP addresses) a while back. Now, suddenly, my users report that they cannot access the server by its NATed address. When they traceroute to the NATed address, it traces to the router doing the NATing; when I ping/tracert to the router from the server, it works. I cannot ping/traceroute through the NATing router.

I'm looking at the config, and it should be working. The only change that has been made in the past couple of months is that I removed a router from the path, implementing VLANs, but I've modified the routes on the devices between the server and the NATing router, and the tracert works! Arrgh.

Here's the current running-config of the natting router.

rtr-PDCity#sh ru
Building configuration...

Current configuration : 1378 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname rtr-PDCity
!
logging buffered 4096 debugging
no logging console
enable secret xxx
enable password xxx
!
ip subnet-zero
!
!
!
!
!
interface Loopback0
 no ip address
!
interface Ethernet0
 description connected to County Network
 ip address 10.90.204.12 255.255.255.128
 ip nat outside
 full-duplex
!
interface FastEthernet0
 description connected to City Network
 ip address 10.20.14.100 255.255.0.0
 ip nat inside
 speed auto
 half-duplex
!
ip nat pool city 192.168.69.17 192.168.69.22 netmask 255.255.255.248
ip nat inside source list 1 pool city
ip nat outside source static 192.168.5.11 192.168.69.2
ip classless
ip route 0.0.0.0 0.0.0.0 10.90.204.1
ip route 10.10.0.0 255.255.0.0 10.20.14.31
ip route 10.70.0.0 255.255.0.0 10.20.14.31
ip route 192.168.20.50 255.255.255.255 10.90.204.1
ip route 192.168.69.2 255.255.255.255 Ethernet0
ip route 192.168.69.16 255.255.255.248 FastEthernet0
no ip http server
!
!
access-list 1 permit 10.70.0.0 0.0.255.255
access-list 1 permit 10.20.0.0 0.0.255.255
access-list 1 permit 10.10.0.0 0.0.255.255
snmp-server community public RO
!
line con 0
 password xxx
 login
line aux 0
 password xxx
 login
line vty 0 4
 password xxx
 login
!
end

rtr-PDCity#

Server 192.168.5.11
        |
       ASA
        |
      Router
        |
     L3Switch
        | vlan 16
  natting router
        |
      router
        |
      clients

Thanks for any help!

-Jeff

1 Reply

ohassairi
Level 5

In such a situation I prefer that you use a sniffer (Ethereal) on the inside and the outside of the NATing router to see what happens exactly; then you can follow the packet to the destination and find which is the wrong point!

Ethereal is freeware; think about using filters when capturing.
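The two translation rules in the posted config (the dynamic `ip nat inside source list 1 pool city` and the static `ip nat outside source static 192.168.5.11 192.168.69.2`) and the reply's advice to capture on both sides of the NATing router can be combined into one check. The Python below is an added example, not code from the original post or from Cisco: it models how rtr-PDCity should rewrite a packet in each direction and then correlates constructed inside-side and outside-side capture records, reporting every inside packet whose translated counterpart never appears on the outside interface. The pool, access list and static mapping are copied from the config; the client addresses 10.10.5.20, 10.10.5.21, 172.16.1.1 and the capture records themselves are constructed for the illustration.

```python
"""Model of the NAT rules in the posted rtr-PDCity config, used to check
inside/outside packet captures against each other.

Added example, not code from the original post.  Capture records are
constructed; the pool, ACL and static mapping come from the config.
"""
import ipaddress
from dataclasses import dataclass

# ip nat pool city 192.168.69.17 192.168.69.22 netmask 255.255.255.248
NAT_POOL = [f"192.168.69.{h}" for h in range(17, 23)]
# access-list 1 permit 10.70.0.0 / 10.20.0.0 / 10.10.0.0 (wildcard 0.0.255.255)
ACL1 = [ipaddress.ip_network(n) for n in ("10.70.0.0/16", "10.20.0.0/16", "10.10.0.0/16")]
# ip nat outside source static <outside global> <outside local>
OUTSIDE_GLOBAL, OUTSIDE_LOCAL = "192.168.5.11", "192.168.69.2"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


class NatRouter:
    """Applies the config's two translation rules for each direction of traffic."""

    def __init__(self):
        self.table = {}              # inside local -> inside global (dynamic entries)
        self.free = list(NAT_POOL)   # unallocated pool addresses

    def _inside_global(self, local):
        # Allocate a pool address on first use, reuse it afterwards (like the NAT table).
        if local not in self.table:
            if not self.free:
                raise RuntimeError("NAT pool exhausted")
            self.table[local] = self.free.pop(0)
        return self.table[local]

    def inside_to_outside(self, pkt):
        # Dynamic rule: sources matching access-list 1 are rewritten from the pool.
        src = pkt.src
        if any(ipaddress.ip_address(src) in net for net in ACL1):
            src = self._inside_global(src)
        # Static outside-source rule: inside hosts address the server as the
        # outside local 192.168.69.2; the router rewrites it to the real 192.168.5.11.
        dst = OUTSIDE_GLOBAL if pkt.dst == OUTSIDE_LOCAL else pkt.dst
        return Packet(src, dst)

    def outside_to_inside(self, pkt):
        # Reverse of both rules for the return traffic.
        src = OUTSIDE_LOCAL if pkt.src == OUTSIDE_GLOBAL else pkt.src
        reverse = {g: l for l, g in self.table.items()}
        return Packet(src, reverse.get(pkt.dst, pkt.dst))


def correlate(router, inside_capture, outside_capture):
    """Return the inside packets whose expected translation never showed up outside.

    inside_capture:  packets seen on the FastEthernet0 (ip nat inside) side
    outside_capture: packets seen on the Ethernet0 (ip nat outside) side
    """
    seen_outside = set(outside_capture)
    return [p for p in inside_capture if router.inside_to_outside(p) not in seen_outside]


def demo():
    """Constructed two-sided capture: two clients hit the NATed server address,
    but the outside sniffer only sees the first client's translated packet."""
    router = NatRouter()
    inside = [Packet("10.10.5.20", OUTSIDE_LOCAL), Packet("10.10.5.21", OUTSIDE_LOCAL)]
    outside = [Packet("192.168.69.17", OUTSIDE_GLOBAL)]
    return correlate(router, inside, outside)


if __name__ == "__main__":
    for missing in demo():
        print(f"no translated copy of {missing.src} -> {missing.dst} on the outside side")
```

Anything `correlate` reports means the packet reached the inside interface but never left the outside interface in translated form, so the fault is in the NATing router (translation, or the route that should send 192.168.69.2 out Ethernet0); an empty result points the search onward toward the County network and the server.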