cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2397
Views
0
Helpful
2
Replies

Multiple Static NAT on 2811 routers

g.ayllon
Level 1
Level 1

Hi guys

I have configured a multiple static NAT  for a firewall (10.100.1.2) using ip nat inside source static on a 2600 router with one ethernet interface as inside and two ethernet interfaces and a serial interface as outside, using the following commands:

ip nat inside source static 10.100.1.2 x.x.x.x extendable (ISP 1)

ip nat inside source static 10.100.1.2 y.y.y.y extendable (ISP 2)

ip nat inside source static 10.100.1.2 z.z.z.z extendable (ISP 3)

int e0/0

ip address 10.100.1.1

ip nat inside

int e0/1

ip address x.x.x.1

ip nat outside

int e1/0

ip address y.y.y.1

ip nat outside

int s0/0

ip address z.z.z.1

ip nat outside

This configuration worked well, but, when we replaced the old 2600 router by a new 2811 router (12.4(24)T), only two of the static NAT (one ethernet and the serial interface) instances are working, we are unable to reach the (y.y.y.y) address, however the router interface on that ISP is still reachable. Are there any bug with the IOS version?, are there another option to configure the new router?

Gonzalo

2 Replies 2

Hi,

Not aware of any bug.

Pretty sure it should work.

Are you sure nothing else has changed (besides the hardware replacement) like an ACL or something?

If the IP of that interface is reachable, then we are fine up to that point.

One test that you can do is to create a static route out the interface that is not working...

i.e

ip route 4.2.2.1 255.255.255.255 of non-working interface

Then, from 10.100.1.2 you can try to PING that address.

What should happen is that 10.100.1.2 should be translated correctly to the public IP assigned to that interface and get out to the Internet.

You say the problem is accesing y.y.y.y, let's see if it can get outbound traffic using that IP.

Federico.

Thanks Federico.

No changes were made during the replacement, I have also tried natting over router interface and it works fine, I do not have more free IP addresses to test, but if PAT is working, I think there is no problem with the router nor IOS, I know it sounds a little weird, but it happens, also, I have requested to ISP a test over those links, maybe some problem in their ip assignment or something like that.

I will comment you guy.

Regards. 

Review Cisco Networking for a $25 gift card