Here is my setup:
2921 router with a UCS/E blade using the backplane port for communications (interface ucse1/0)
On the router, port G0/0 connects to the customer LAN on a DMZ subnet. The UCS/E blade interface has its own subnet that we cannot have on the customer network, so we are NATing to addresses in the same LAN as the G0/0 interface for each of the ESXi server and the virtual machines that are on the blade. The issue that I am having is that devices outside of the router can talk directly to the NATed address for the individual virtual machines, but if the virtual machines make a connection out, they are NATed to the interface IP?

interface GigabitEthernet0/0
 description --- Connection to Customer DMZ ---
 ip address 192.168.100.246 255.255.255.128
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 no mop enabled
 crypto ipsec client ezvpn ezvpn
 no shutdown

interface ucse1/0
 description --- UCES LAN ---
 ip address 10.1.0.81 255.255.255.240
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly in
 imc ip address 10.1.0.82 255.255.255.240 default-gateway 10.1.0.81
 imc access-port shared-lom console
 crypto ipsec client ezvpn ezvpn inside
 no shutdown

ip nat inside source static 10.1.0.84 192.168.100.247
ip nat inside source static 10.1.0.85 192.168.100.248
ip nat inside source static 10.1.0.86 192.168.100.249
ip nat inside source static 10.1.0.87 192.168.100.250
ip nat inside source static 10.1.0.88 192.168.100.251

ip route 0.0.0.0 0.0.0.0 192.168.100.129
ip route 10.1.0.80 255.255.255.240 ucse1/0