
nat_problem

burak-isiksoy
Level 1

Hi all,

I have a problem with NAT.

I have the following topology. I've got static NAT entries for each server and overload for other users.

When servers/users access the internet, or from the internet to the servers, there is no issue.

The problem is when I try to reach server 192.168.1.1 via its public IP (10.10.10.2) from server 192.168.1.2 with TCP (80, 1433, etc.), it fails.

If I try to ping 10.10.10.2 from 192.168.1.2, I get replies.

When I check the NAT translations, I can see that server 192.168.1.1's IP address is NATed to 10.10.10.2 and 192.168.1.2 to 10.10.10.3.

Also, when I run debug while I try to access 10.10.10.2 with TCP packets, I can see that the packet is routed with source IP 10.10.10.3 and destination IP 10.10.10.2.

Am I missing something?

topology.jpg

Here is the sample config:

!
interface FastEthernet0/0
 ip address 10.10.10.1 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source static 192.168.1.1 10.10.10.2 extendable
ip nat inside source static 192.168.1.2 10.10.10.3 extendable
!
access-list 1 permit 192.168.1.0 0.0.0.255

BR.

Burak

Accepted Solutions

cadet alain
VIP Alumni

Hi,

You can't communicate with the outside public IP from an inside address with the old-style NAT, but normally it should work with the newest NAT NVI config and no ip redirect on both interfaces. To configure NAT NVI, just replace ip nat in and ip nat out by simply ip nat enable and get rid of the inside keyword in your NAT statements.

Regards

Alain

Don't forget to rate helpful posts.
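
The change described in the accepted answer, applied to the configuration from the question. This is an added example, not part of the original posts; it reuses the interfaces, addresses and access list from the question and assumes nothing else on the router depends on the legacy NAT statements.

```ios
! Added example: NVI (NAT Virtual Interface) version of the question's config.
!
! 1. Remove the legacy inside/outside NAT rules.
!    If IOS reports a static entry is in use, clear the
!    translation table first (clear ip nat translation *).
no ip nat inside source list 1 interface FastEthernet0/0 overload
no ip nat inside source static 192.168.1.1 10.10.10.2 extendable
no ip nat inside source static 192.168.1.2 10.10.10.3 extendable
!
! 2. Replace "ip nat outside" / "ip nat inside" with "ip nat enable"
!    and disable ICMP redirects on both interfaces.
interface FastEthernet0/0
 ip address 10.10.10.1 255.255.255.248
 no ip nat outside
 ip nat enable
 no ip redirects
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.1.254 255.255.255.0
 no ip nat inside
 ip nat enable
 no ip redirects
 ip virtual-reassembly
 duplex auto
 speed auto
!
! 3. Re-enter the same rules without the "inside" keyword.
ip nat source list 1 interface FastEthernet0/0 overload
ip nat source static 192.168.1.1 10.10.10.2 extendable
ip nat source static 192.168.1.2 10.10.10.3 extendable
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
! 4. Check the result from exec mode. NVI keeps its own table, so
!    "show ip nat translations" no longer lists these entries.
! show ip nat nvi translations
```

With NVI, traffic from 192.168.1.2 to 10.10.10.2 is translated even though it enters and leaves on FastEthernet0/1, so any access control that assumed the public addresses were only reachable from FastEthernet0/0 should be reviewed after the change.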


2 Replies


Hi, thanks for the super fast help. I felt myself really outdated.
