NAT between interfaces

Mattia
Level 1

Hello everyone, I'm trying to solve this problem, which is very difficult for me because I'm not a Cisco user.

Anyway, I have this situation; the schema has been simplified:

image.png

The WindowsClient must use some service on WindowsServer via IP 192.168.150.22 and has default gateway 192.168.180.254.

I have already configured the NonCiscoRouter to reach 192.168.150.22 via 192.168.180.250.

I have tried some configurations with NAT, inside/outside, NAT on a stick, but I can't solve my problem.

Below is a partial configuration that I have created. The server can reach the internet, but from the WindowsClient I cannot reach the server via 192.168.150.22:

interface Loopback0
 ip address 192.168.150.22 255.255.255.255
 ip nat enable
!
interface GigabitEthernet0/0
 ip address 192.168.180.250 255.255.255.0
 ip nat enable
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 172.20.0.254 255.255.255.0
 ip nat enable
 duplex auto
 speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat source list 1 interface GigabitEthernet0/0 overload
ip nat source static tcp 172.20.0.250 3389 192.168.150.22 33901 extendable
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 192.168.180.254
!
access-list 1 permit 172.20.0.0 0.0.0.255

In the debug output I can see that the NAT operation was done (I don't know the command to debug NAT and flow, so I used debug all):

May 2 14:12:27.186: IPpacketQ deq s=192.168.180.80 (GigabitEthernet0/0), d=192.168.150.22, flags=0x280, tos=0x0, frag_offset=0
May 2 14:12:27.186: TCP src=1666, dst=33901, seq=1323833373, ack=0, win=64240 SYN
May 2 14:12:27.186: IP: s=192.168.180.80 (GigabitEthernet0/0), d=192.168.150.22, len 52, input feature, Stateful Inspection(5), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
%SYS-3-CPUHOG: Task is running for (26404)msecs, more than (2000)msecs (147/55),process = IP Input.
-Traceback= 0x210FF104z 0x21100DE4z 0x2230407Cz 0x223026B8z 0x223E9344z 0x223E9434z 0x229C3298z 0x229D9970z 0x229DADC8z 0x229C3C60z 0x229DD180z 0x229C445Cz 0x229C469Cz 0x229C477Cz 0x229C4994z 0x23682E48z GigabitEthernet0/1)
May 2 14:12:27.186: IP: s=192.168.180.80 (GigabitEthernet0/0), d=192.168.150.22, len 52, input feature, debug packet(9), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
May 2 14:12:27.186: IP: s=192.168.180.80 (GigabitEthernet0/0), d=192.168.150.22, len 52, input feature, MCI Check(80), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
May 2 14:12:27.186: IP: tableid=0, s=192.168.180.80 (GigabitEthernet0/0), d=192.168.150.22 (Loopback0), routed via RIB
May 2 14:12:27.186: IPACL-DP: Implicit deny all invoked
May 2 14:12:27.186: NAT: setting up outside mapping 192.168.150.22->172.20.0.250
May 2 14:12:27.190: vrfmgr: tableid 0 lookup result: no tableID entry
May 2 14:12:27.190: vrfmgr: tableid 0 lookup result: no tableID entry
May 2 14:12:27.190: NAT: i: tcp (192.168.180.80, 1666) -> (192.168.150.22, 33901) [7399]
May 2 14:12:27.190: NAT: created edit_context (0.0.0.0,0) -> (0.0.0.0,0)
May 2 14:12:27.190: NAT: Skipping token 200
May 2 14:12:27.190: NAT: TCP s=1666, d=33901->3389
May 2 14:12:27.190: NAT: s=192.168.180.80, d=192.168.150.22->172.20.0.250 [7399] s_vrf=> , d_vrf=>
May 2 14:12:27.190: NAT-FRAG: tcpmss value :0
May 2 14:12:27.190: NAT-NVI: IP route found: s=192.168.180.80, d=172.20.0.250
%SYS-3-CPUHOG: Task is running for (28232)msecs, more than (2000)msecs (147/55),process = IP Input.
-Traceback= 0x210FF104z 0x21100DE4z 0x22304238z 0x223026B8z 0x223E9344z 0x223E9434z 0x229C32ACz 0x229D9970z 0x229DADC8z 0x229C3C60z 0x229DD180z 0x229C445Cz 0x229C469Cz 0x229C477Cz 0x229C4994z 0x23682E48z , len 60, rcvd 3
May 2 14:12:27.190: IP: s=192.168.180.80 (GigabitEthernet0/0), d=172.20.0.250 (GigabitEthernet0/1), len 52, output feature, Post-routing NAT NVI Output(23), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
May 2 14:12:27.190: IP: Output changed by feature=23: Loopback0 -> GigabitEthernet0/1
May 2 14:12:27.190: IP: s=192.168.180.80 (GigabitEthernet0/0), d=172.20.0.250 (GigabitEthernet0/1), len 52, output feature, debug packet(83), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
May 2 14:12:27.190: IP: s=192.168.180.80 (GigabitEthernet0/0), d=172.20.0.250 (GigabitEthernet0/1), g=172.20.0.250, len 52, forward
May 2 14:12:27.190: ARP DB: ARP entry of key 172.20.0.250 found
May 2 14:12:27.190: IP: s=192.168.180.80 (GigabitEthernet0/0), d=172.20.0.250 (GigabitEthernet0/1), len 52, sending full packet

 

Can you help me to understand how to solve my problem?

Regards
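
An added example, not part of the original post or its replies: a small Python parser for the "NAT:" debug lines quoted above that reports which direction of the flow the router translated. The function names and the reply line are constructed for illustration; the posted excerpt contains only the client-to-server translation.

```python
import re

# "NAT: s=A[->A'], d=B[->B'] [ip-id]" as printed in the post's debug output.
ADDR = re.compile(r"NAT\*?: s=([\d.]+)(?:->([\d.]+))?, d=([\d.]+)(?:->([\d.]+))? \[(\d+)\]")
# "NAT: TCP s=P[->P'], d=Q[->Q']" precedes the address line for the same packet.
PORT = re.compile(r"NAT\*?: (TCP|UDP) s=(\d+)(?:->(\d+))?, d=(\d+)(?:->(\d+))?")

def parse_nat_debug(log):
    """Return one dict per translated packet: before/after addresses and ports."""
    packets, ports = [], None
    for line in log.splitlines():
        m = PORT.search(line)
        if m:
            proto, sp, sp2, dp, dp2 = m.groups()
            ports = (proto, int(sp), int(sp2 or sp), int(dp), int(dp2 or dp))
            continue
        m = ADDR.search(line)
        if m:
            s, s2, d, d2, ip_id = m.groups()
            pkt = {"ip_id": int(ip_id), "src": (s, s2 or s), "dst": (d, d2 or d)}
            if ports:
                pkt["proto"] = ports[0]
                pkt["sport"] = ports[1:3]   # (before, after)
                pkt["dport"] = ports[3:5]   # (before, after)
            packets.append(pkt)
            ports = None
    return packets

def directions(packets, local_ip, global_ip):
    """Count packets translated toward the server and replies translated back."""
    to_server = sum(1 for p in packets if p["dst"] == (global_ip, local_ip))
    from_server = sum(1 for p in packets if p["src"] == (local_ip, global_ip))
    return {"to_server": to_server, "from_server": from_server}

# The three NAT lines for the SYN, copied from the debug output in the post.
POST_LOG = """\
May 2 14:12:27.190: NAT: i: tcp (192.168.180.80, 1666) -> (192.168.150.22, 33901) [7399]
May 2 14:12:27.190: NAT: TCP s=1666, d=33901->3389
May 2 14:12:27.190: NAT: s=192.168.180.80, d=192.168.150.22->172.20.0.250 [7399] s_vrf=> , d_vrf=>
"""
# Constructed line (not from the post): a reply from the server translated back.
REPLY_LINE = "May 2 14:12:27.194: NAT: s=172.20.0.250->192.168.150.22, d=192.168.180.80 [100]\n"

if __name__ == "__main__":
    print(directions(parse_nat_debug(POST_LOG), "172.20.0.250", "192.168.150.22"))
    print(directions(parse_nat_debug(POST_LOG + REPLY_LINE), "172.20.0.250", "192.168.150.22"))
```

A from_server count of 0 over a fuller capture means the router never translated a reply from 172.20.0.250, which points the investigation at the return path rather than at the static NAT entry.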

2 Replies

Thanks Cisco World, the reasoning behind your suggestion is:

- the server exits the Cisco router with IP 192.168.150.22

- to reach the server I need to do a port forwarding like -> ip nat source static tcp 172.20.0.250 3389 192.168.150.22 33901

correct?
