Re: How to allow ICMP on my router

ekpesinyang · ‎01-18-2018

Hello people,

Please I need an assistance. I have a configuration i'm running for a purpose

"ip nat inside source list 101 interface FastEthernet0/1 overload
ip nat inside source static tcp 192.168.0.1 23 195.110.22.30 23 extendable
ip nat inside source static 192.168.1.200 195.110.22.30 extendable"

I'm hosting an application on 192.168.1.200 and my other branch access in from the public IP address : 195.110.22.30. But my problem now is that if i'm pinging from outside the icmp echo is replying from 192.168.1.200 system. I was to redirect the icmp echo to respond on the router rather than going to the system inside because at times if the system is powered off, i cant monitor my up time by pinging. Please Help.

Thank You.

Pawan Raut · ‎01-18-2018

You can achieve this using conditional NAT statement for any TCP/UDP traffic redirect to that host and for icmp it should go to any router interafce. Please let me know if you need assistance for router configuration for it.

Regards,
Pawan

(Make Sure you rate for helpful post)

ekpesinyang · ‎01-19-2018

Pawan, Thank you for your reply. Please Kindly assist me with the config. Thanks.

paul driver · ‎01-18-2018

Hello

@ekpesinyang wrote:

Hello people,

Please I need an assistance. I have a configuration i'm running for a purpose

"ip nat inside source list 101 interface FastEthernet0/1 overload
ip nat inside source static tcp 192.168.0.1 23 195.110.22.30 23 extendable
ip nat inside source static 192.168.1.200 195.110.22.30 extendable"

I'm hosting an application on 192.168.1.200 and my other branch access in from the public IP address : 195.110.22.30. But my problem now is that if i'm pinging from outside the icmp echo is replying from 192.168.1.200 system. I was to redirect the icmp echo to respond on the router rather than going to the system inside because at times if the system is powered off, i cant monitor my up time by pinging. Please Help.

Thank You.

Not sure I understand but first of all why are you using the extendable keyword it only used when you natting with the same inside source address to different port/global addressing etc.

Can you post your full config of nat and access-list 101 please.

Just to confirm you are pinging 195.110.22.30 and it returning 192.168.1.200 correct?

res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

ekpesinyang · ‎01-19-2018

Hello paul,

please see the config you requested here.

"ip nat inside source list 101 interface FastEthernet0/1 overload
ip nat inside source static tcp 192.168.1.1 23 197.210.22.30 23 extendable
ip nat inside source static 192.168.1.200 197.210.22.30 extendable
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
! "

paul driver · ‎01-19-2018

@paul driver wrote:

Hello

Not sure I understand but first of all why are you using the extendable keyword it only used when you natting with the same inside source address to different port/global addressing etc.

Can you post your full config of nat and access-list 101 please.

Just to confirm you are pinging 195.110.22.30 and it returning 192.168.1.200 correct?

res
Paul

Can you please clarify the above???

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

ekpesinyang · ‎01-19-2018

Hello Paul Like i stated already, the configuration is to allow me have access to an application hosted on 192.168.1.200 has to be accessed. since i'm not very sure of the port the application is using, i had to give extendable to make sure everything is allowed. Thank you.

Zain Khan · ‎01-20-2018

can you draw a topoly whats you doing and how your NAT is applying because i am still unable to understand why you using extendable

Zain Khan
https://www.linkedin.com/in/forzain/