cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5620
Views
0
Helpful
8
Replies

ISR 4331 Source & Destination NAT configuration

japes1966
Level 1
Level 1

Hi,

 

Would you be able to assist with a NAT configuration on a ISR 4331 router?

Apologies if this request is quite simple.  I have tried applying a configuration on the router without success

 

See the attached JPEG picture.

 

Our Solarwinds server needs to poll (icmp only) the destination BGP Peer IP so that we can be aware if there is a circuit issue. Solarwinds can only target an internal RFC 1918 address or public address. So the Solarwinds server can`t target the real address of the destination BGP Peer but an internal IP address.

 

Let me know if you require further details.

 

Kind regards

Jean-Paul   

 

8 Replies 8

Hello,

 

did you try:

 

ip nat inside source static 10.118.248.35 10.23.121.57 extendable

 

For ICMP you cannot use TCP or UDP, so your only option is to translate the 'full' address...

Hi,

 

Thank you for your reply and time

 

I tried this configuration previously which didn`t work ...

 

interface GigabitEthernet0/0/0
 description ### ##
 ip address 10.23.121.57 255.255.255.252
 speed 100

 no negotiation auto

ip nat outside

 

interface GigabitEthernet0/0/1
 description ### ###
 ip address 10.118.7.22 255.255.255.248
 negotiation auto

ip nat inside

 

ip nat inside source static 10.118.248.35 10.23.121.57
ip nat outside source static 10.118.45.74 10.23.121.58

 

ip route 10.118.248.35 255.255.255.255 10.118.7.17

 

Hello,

IP nat outside and inside will not work, since in your situation both intetfaces need tp be outside as well as inside. Did you try the config I suggested ?

Hi,

 

I have added "ip nat inside source static 10.118.248.35 10.23.121.57 extendable" but still no joy.

 

Is another NAT entry also required to translate the inside target destination IP: 10.118.45.74 to the outside target destination IP: 10.23.121.58?

 

Attached is the current configuration of the router.

 

Please let me know if am missing any further NAT configuration.

 

Thank you for your time.

Hello, 

 

the NAT configuration looks ok, the routing might be the problem.

 

Try and delete all static routes and just add:

 

ip route 0.0.0.0 0.0.0.0 10.23.121.58

Hi,

 

Good morning.

 

With these existing static routes still in place. 

 

ip route 10.118.22.217 255.255.255.255 10.118.7.17
ip route 10.118.248.35 255.255.255.255 10.118.7.17
ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 10.118.250.1

 

I did a debug ip icmp whilst a continuous ping was running from our Solarwinds server (10.118.248.35) to internal NAT destination 10.118.45.74 (for external IP: 10.23.121.58)

 

*Apr 10 08:51:37.085: ICMP: dst (10.23.121.57) port unreachable sent to 10.23.121.58
*Apr 10 08:51:37.872: ICMP: dst (10.23.121.57) port unreachable sent to 10.23.121.58
*Apr 10 08:51:38.847: ICMP: dst (10.23.121.57) port unreachable sent to 10.23.121.58
*Apr 10 08:51:39.841: ICMP: dst (10.23.121.57) port unreachable sent to 10.23.121.58

 

Then added a route ip route 0.0.0.0 0.0.0.0 10.23.121.58 with the other statics still in place

 

ip route 0.0.0.0 0.0.0.0 10.23.121.58
ip route 10.118.22.217 255.255.255.255 10.118.7.17
ip route 10.118.248.35 255.255.255.255 10.118.7.17
ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 10.118.250.1

 

Still getting

 

*Apr 10 08:57:02.298: ICMP: dst (10.23.121.57) port unreachable sent to 10.23.121.58
*Apr 10 08:57:03.220: ICMP: dst (10.23.121.57) port unreachable sent to 10.23.121.58
*Apr 10 08:57:04.206: ICMP: dst (10.23.121.57) port unreachable sent to 10.23.121.58

 

Thanks

Jean-Paul

 

 

 

Hello

just to confirm you wish to monitor via solarwinds internal ip your own rtrs bgp external ip address 10.23.121.57 or the isp public address 10.23.121.58 ?

 

res

paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hi,

 

Our Solarwinds server (10.118.248.35) needs to poll the far end IP: 10.23.121.58 connected to our router via the leased line circuit. 

 

Kind regards