08-06-2013 06:08 PM - edited 03-04-2019 08:41 PM
Greetings!
I am having issues with NAT Overload and NAT Static translations
I have 1 public IP overloaded for outbound browsing for my servers, desktops, etc.
I have STATIC NAT translations for inbound communication. (http, https, rdp)
All of my inbound communication works great. (inside <= outside)
My issue is with OUTBOUND connectivity. (inside => outside)
4 of my 8 servers can perform all outbound connections perfectly. (telnet, ping, http, etc.)
The other 4 of my 8 are NOT able to perform any outbound connections.
These 4 can’t even ping the WAN gateway, even though they are serving up web pages and allowing RDP from the outside to inside.
I'm new to Cisco, but familiar with the concept of NAT and routing.
Clearly I'm missing something really fundamental.
Config is below.
Anyone have any suggestions?
Thanks in advance.
Ross
dtrouter01#sh run
Building configuration...
Current configuration : 5104 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname dtrouter01
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$Hthu$F8UN7fFoNr5sQ5DDlZOzq0
!
aaa new-model
!
aaa session-id common
clock timezone PST8PDT -8
clock summer-time PST8PDT recurring
dot11 syslog
no ip source-route
!
ip dhcp bootp ignore
!
ip cef
!
!
no ip bootp server
ip domain name dtrouter01.dunhamtech.com
!
multilink bundle-name authenticated
!
username dtadmin password 7 04710A0504244041191C43
archive
log config
hidekeys
!
ip ssh time-out 60
ip ssh authentication-retries 2
!
interface FastEthernet0/0
ip address 69.43.173.37 255.255.255.240
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 69.43.173.33
no ip http server
no ip http secure-server
!
!
ip nat pool ovrld 69.43.173.40 69.43.173.40 prefix-length 28
ip nat inside source list 7 pool ovrld overload
ip nat inside source static tcp 192.168.10.70 22 69.43.173.36 22 extendable
ip nat inside source static tcp 192.168.10.71 80 69.43.173.36 80 extendable
ip nat inside source static tcp 192.168.10.226 3389 69.43.173.36 3389 extendable
ip nat inside source static tcp 192.168.10.75 80 69.43.173.37 80 extendable
ip nat inside source static tcp 192.168.10.75 443 69.43.173.37 443 extendable
ip nat inside source static tcp 192.168.10.70 80 69.43.173.38 80 extendable
ip nat inside source static tcp 192.168.10.27 3389 69.43.173.38 3389 extendable
ip nat inside source static tcp 192.168.10.57 80 69.43.173.39 80 extendable
ip nat inside source static tcp 192.168.10.57 443 69.43.173.39 443 extendable
ip nat inside source static tcp 192.168.10.57 3389 69.43.173.39 3389 extendable
ip nat inside source static tcp 192.168.10.52 80 69.43.173.41 80 extendable
ip nat inside source static tcp 192.168.10.70 80 69.43.173.42 80 extendable
ip nat inside source static tcp 192.168.10.50 80 69.43.173.43 80 extendable
ip nat inside source static tcp 192.168.10.50 443 69.43.173.43 443 extendable
ip nat inside source static tcp 192.168.10.50 3389 69.43.173.43 3389 extendable
ip nat inside source static tcp 192.168.10.78 80 69.43.173.44 80 extendable
ip nat inside source static tcp 192.168.10.78 443 69.43.173.44 443 extendable
ip nat inside source static tcp 192.168.10.228 3389 69.43.173.44 3389 extendable
ip nat inside source static tcp 192.168.10.79 80 69.43.173.45 80 extendable
ip nat inside source static tcp 192.168.10.79 443 69.43.173.45 443 extendable
ip nat inside source static tcp 192.168.10.80 80 69.43.173.46 80 extendable
ip nat inside source static tcp 192.168.10.80 443 69.43.173.46 443 extendable
ip nat inside source static tcp 192.168.10.227 3389 69.43.173.46 3389 extendable
!
access-list 7 permit 192.168.10.0 0.0.0.254
no cdp run
!
control-plane
!
banner login ^C
***************
Dunham Tech | Go Away | No Access is Allowed
***************
^C
!
line con 0
password 7 080B4D4D021C0918020E4A
line aux 0
password 7 080B4D4D021C0918020E4A
line vty 0 4
password 7 132F1611000908253B216E
transport input ssh
!
scheduler allocate 20000 1000
end
08-07-2013 12:41 AM
Hi,
access-list 7 permit 192.168.10.0 0.0.0.254
With this wildcard mask, in the last octet you don't care about any bit apart from the rightmost one, which must be zero, so you are matching only even addresses.
Change this to
access-list 7 permit 192.168.10.0 0.0.0.255
Regards
Alain
Don't forget to rate helpful posts.
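As an added worked example (not part of the original thread or of any poster's reply), the following Python script reproduces Cisco's wildcard-mask matching and evaluates both the posted `access-list 7` and the corrected one against the inside hosts that appear in the static NAT lines of the config above. It shows that `0.0.0.254` only permits hosts whose last octet is even, which is exactly the "half of the servers have no outbound connectivity" symptom, while inbound static translations are unaffected because they do not consult this ACL. The host list and ACL tuples are constructed from the posted config; the function names are this example's own and do not correspond to any IOS command.

```python
import ipaddress


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard-mask semantics (the inverse of a netmask): a wildcard
    bit of 1 means "don't care", a bit of 0 means the address bit must equal
    the corresponding bit of the base address."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF          # the bits that must match
    return (a & care) == (b & care)


def acl_permits(acl, addr: str) -> bool:
    """Evaluate a standard ACL, given as (action, base, wildcard) tuples,
    top-down, with the implicit deny at the end."""
    for action, base, wildcard in acl:
        if wildcard_match(addr, base, wildcard):
            return action == "permit"
    return False


def matchable_addresses(wildcard: str) -> int:
    """Number of addresses a single entry with this wildcard can match:
    2 to the power of the number of 1 bits in the wildcard."""
    return 1 << bin(int(ipaddress.IPv4Address(wildcard))).count("1")


def wildcard_for_prefix(prefix_len: int) -> str:
    """Wildcard mask for a CIDR prefix length: bitwise NOT of the netmask."""
    netmask = int(ipaddress.IPv4Network(f"0.0.0.0/{prefix_len}").netmask)
    return str(ipaddress.IPv4Address(~netmask & 0xFFFFFFFF))


# Distinct inside hosts taken from the static NAT lines of the posted config.
INSIDE_HOSTS = [
    "192.168.10.27", "192.168.10.50", "192.168.10.52", "192.168.10.57",
    "192.168.10.70", "192.168.10.71", "192.168.10.75", "192.168.10.78",
    "192.168.10.79", "192.168.10.80", "192.168.10.226", "192.168.10.227",
    "192.168.10.228",
]

# access-list 7 as posted, and as corrected in the answer.
ACL_AS_POSTED = [("permit", "192.168.10.0", "0.0.0.254")]
ACL_CORRECTED = [("permit", "192.168.10.0", "0.0.0.255")]


def split_hosts(acl, hosts):
    """Return (permitted, denied) lists: hosts that get source-translated by
    the overload rule versus hosts that fall through to the implicit deny."""
    permitted = [h for h in hosts if acl_permits(acl, h)]
    denied = [h for h in hosts if not acl_permits(acl, h)]
    return permitted, denied


if __name__ == "__main__":
    for name, acl in (("as posted", ACL_AS_POSTED), ("corrected", ACL_CORRECTED)):
        ok, bad = split_hosts(acl, INSIDE_HOSTS)
        print(f"access-list 7 {name}: {len(ok)} hosts get outbound NAT, {len(bad)} do not")
        for h in bad:
            print("  no outbound translation for", h)
    print("addresses matchable by 0.0.0.254:", matchable_addresses("0.0.0.254"))
    print("addresses matchable by 0.0.0.255:", matchable_addresses("0.0.0.255"))
    print("wildcard for /24:", wildcard_for_prefix(24))
```

Running the script lists the six odd-numbered inside hosts that the posted ACL never matches, so their outbound packets leave the router with an untranslated RFC 1918 source address (and the replies can never come back), while the corrected mask covers the whole /24. On the router itself the same thing can be confirmed with `show access-lists 7` (the match counter only increments for even hosts) and `show ip nat translations`, which will show no dynamic entries for the affected servers.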