NAT Overload and Static Issues

rossdunham
Level 1

Greetings!

I am having issues with NAT Overload and NAT Static translations

I have 1 public IP overloaded for outbound browsing for my servers, desktops, etc.

I have STATIC NAT translations for inbound communication. (http, https, rdp)

All of my inbound communication works great.  (inside <= outside)

My issue is with OUTBOUND connectivity.  (inside => outside)

4 of my 8 servers can perform all outbound connections perfectly. (telnet, ping, http, etc.)

The other 4 of my 8 are NOT able to perform any outbound connections.

These 4 can’t even ping the WAN gateway, even though they are serving up web pages and allowing RDP from the outside to inside.

I'm new to Cisco, but familiar with the concepts of NAT and routing.

Clearly I'm missing something really fundamental.

Config is below.

Anyone have any suggestions?

Thanks in advance.

Ross

dtrouter01#sh run
Building configuration...

Current configuration : 5104 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname dtrouter01
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$Hthu$F8UN7fFoNr5sQ5DDlZOzq0
!
aaa new-model
!
aaa session-id common
clock timezone PST8PDT -8
clock summer-time PST8PDT recurring
dot11 syslog
no ip source-route
!
ip dhcp bootp ignore
!
ip cef
!
!
no ip bootp server
ip domain name dtrouter01.dunhamtech.com
!
multilink bundle-name authenticated
!
username dtadmin password 7 04710A0504244041191C43
archive
 log config
  hidekeys
!
ip ssh time-out 60
ip ssh authentication-retries 2
!
interface FastEthernet0/0
 ip address 69.43.173.37 255.255.255.240
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 69.43.173.33
no ip http server
no ip http secure-server
!
!
ip nat pool ovrld 69.43.173.40 69.43.173.40 prefix-length 28
ip nat inside source list 7 pool ovrld overload
ip nat inside source static tcp 192.168.10.70 22 69.43.173.36 22 extendable
ip nat inside source static tcp 192.168.10.71 80 69.43.173.36 80 extendable
ip nat inside source static tcp 192.168.10.226 3389 69.43.173.36 3389 extendable
ip nat inside source static tcp 192.168.10.75 80 69.43.173.37 80 extendable
ip nat inside source static tcp 192.168.10.75 443 69.43.173.37 443 extendable
ip nat inside source static tcp 192.168.10.70 80 69.43.173.38 80 extendable
ip nat inside source static tcp 192.168.10.27 3389 69.43.173.38 3389 extendable
ip nat inside source static tcp 192.168.10.57 80 69.43.173.39 80 extendable
ip nat inside source static tcp 192.168.10.57 443 69.43.173.39 443 extendable
ip nat inside source static tcp 192.168.10.57 3389 69.43.173.39 3389 extendable
ip nat inside source static tcp 192.168.10.52 80 69.43.173.41 80 extendable
ip nat inside source static tcp 192.168.10.70 80 69.43.173.42 80 extendable
ip nat inside source static tcp 192.168.10.50 80 69.43.173.43 80 extendable
ip nat inside source static tcp 192.168.10.50 443 69.43.173.43 443 extendable
ip nat inside source static tcp 192.168.10.50 3389 69.43.173.43 3389 extendable
ip nat inside source static tcp 192.168.10.78 80 69.43.173.44 80 extendable
ip nat inside source static tcp 192.168.10.78 443 69.43.173.44 443 extendable
ip nat inside source static tcp 192.168.10.228 3389 69.43.173.44 3389 extendable
ip nat inside source static tcp 192.168.10.79 80 69.43.173.45 80 extendable
ip nat inside source static tcp 192.168.10.79 443 69.43.173.45 443 extendable
ip nat inside source static tcp 192.168.10.80 80 69.43.173.46 80 extendable
ip nat inside source static tcp 192.168.10.80 443 69.43.173.46 443 extendable
ip nat inside source static tcp 192.168.10.227 3389 69.43.173.46 3389 extendable
!
access-list 7 permit 192.168.10.0 0.0.0.254
no cdp run
!
control-plane
!
banner login ^C
***************
Dunham Tech | Go Away | No Access is Allowed
***************
^C
!
line con 0
 password 7 080B4D4D021C0918020E4A
line aux 0
 password 7 080B4D4D021C0918020E4A
line vty 0 4
 password 7 132F1611000908253B216E
 transport input ssh
!
scheduler allocate 20000 1000
end

Accepted Solutions

cadet alain
VIP Alumni

Hi,

access-list 7 permit 192.168.10.0 0.0.0.254 

With this wildcard mask, in the last octet you don't care about any bits apart from the rightmost one, which must be zero, so you are matching only even addresses.

Change this to

access-list 7 permit 192.168.10.0 0.0.0.255

Regards

Alain

Don't forget to rate helpful posts.
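As an added worked example (not part of the thread), this Python script applies Cisco wildcard-mask matching to the inside hosts that appear in the posted static NAT lines, showing which of them access-list 7 permits with the original mask 0.0.0.254 and with the corrected 0.0.0.255. Only the host list comes from the config above; the script itself is new.

```python
"""Cisco wildcard-mask matching, worked against access-list 7 from the post.

In a Cisco wildcard mask a bit of 1 means "don't care" and a bit of 0 means
"must equal the base address bit".  0.0.0.254 leaves only the least-significant
bit of the last octet fixed, and 192.168.10.0 has that bit clear, so only even
hosts match the ACL and get an overload translation; odd hosts fall through
and never get translated outbound, even though their static NATs work inbound.
"""
import ipaddress

ACL_BASE = "192.168.10.0"

# Inside hosts taken from the static NAT lines in the posted config.
INSIDE_HOSTS = [
    "192.168.10.70", "192.168.10.71", "192.168.10.226", "192.168.10.75",
    "192.168.10.27", "192.168.10.57", "192.168.10.52", "192.168.10.50",
    "192.168.10.78", "192.168.10.228", "192.168.10.79", "192.168.10.80",
    "192.168.10.227",
]


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Return True if `addr` matches the ACL entry `permit base wildcard`."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    # Bits set in the wildcard are ignored; every other bit must match the base.
    return (a & ~w) == (b & ~w)


def hosts_permitted(wildcard: str, hosts=INSIDE_HOSTS) -> list:
    """Hosts that access-list 7 permits, i.e. the ones that get overloaded."""
    return [h for h in hosts if wildcard_match(h, ACL_BASE, wildcard)]


def hosts_denied(wildcard: str, hosts=INSIDE_HOSTS) -> list:
    """Hosts the ACL does not permit, i.e. the ones with no outbound NAT."""
    return [h for h in hosts if not wildcard_match(h, ACL_BASE, wildcard)]


if __name__ == "__main__":
    for wc in ("0.0.0.254", "0.0.0.255"):
        print(f"access-list 7 permit {ACL_BASE} {wc}")
        print("  translated outbound:", hosts_permitted(wc))
        print("  no outbound NAT    :", hosts_denied(wc))
```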
