Problem with nat configuartion

teymur azimov · ‎09-07-2011

Hi Dears. i have a one nat problem at my router. all my nat translations are ok except one nat ttanslation:

here is problem at nat configuration.

ip nat pool AZCARD_NAT_FTP 192.168.182.2 192.168.182.2 prefix-length 24

ip nat inside source route-map MAP-108 pool AZCARD_NAT_FTP

access-list 108 permit ip host 192.168.10.65 host 10.0.150.1

route-map MAP-108 permit 10

match ip address 108

this my nat configuration which i have a problem. the problem is : my pc ip is 192.168.10.65 and i want to access ftp server 10.0.150.1

i can ping 10.0.150.1 and at this time i can see the translation is going. but when i want to access ftp server with port 21

i can not access, also i wrote telnet 10.0.150.1 21 at my pc command line i can not access and i do not see any nat translation at router.

i attached all my confuguration here.

i take one new router and write only this problem nat configuration commands and it works.

but i wish this work with my configuration router not separately.

i do not solve problem. please give me idea to solve this issue.

thanks.

JohnTylerPearce · ‎09-07-2011

Are there are ACLs that are blocking port 21 anywhere by any chance?

teymur azimov · ‎09-07-2011

Hi . i attached all configuration. as you see at configuration there is no ACL list to block port 21.

Marwan ALshawi · ‎09-07-2011

You need the keyword reversible at the end of your nat command

HTH

If helpful rate

Sent from Cisco Technical Support iPhone App

teymur azimov · ‎09-07-2011

HI i need add reversible command at the end of nat command??? yo mean that

ip nat inside source route-map MAP-108 pool AZCARD_NAT_FTP reversible

what the reversible command do???

JohnTylerPearce · ‎09-07-2011

If you configure 'ip nat inside source route-map MAP-108 pool AZCARD_NAT_FTP' without the reversible

command, each time you initiate communication from Inside to Outside it's going to create a very strict

nat translation so to speak. If you do a 'show ip nat translation' from IOS you will see the the specific protocol

listed as well as what the translation is. If someone is trying to initiate communication from outside to inside

it will have to match that in order for reverse communication (outside to inside) to exist. When you put the

'reversible' command at the end, and then run 'show ip nat translation' you will see a second entry below

the very strict entry. It will just have the inside local IP and the outside global IP. This menas that when traffic

is initiated from outside to inside there will be an entry already in the NAT table that it can use. Remember this

is conditional NAT. That's the way I understand it (Please informed me if im wrong).

teymur azimov · ‎09-08-2011

Hi I add reversible command but it can not help me. please see all my configuration which i attached.

i do not what is the problem.

teymur azimov · ‎09-12-2011

please someone help me. i do not solve this issue.

Marwan ALshawi · ‎09-13-2011

Can you try to remove the nat with pool and use he bellow config

Ip nat inside static 192.168.10.65 192.168.182.2 route-map MAP-108

Also make sure the server has ip reachability to 192.168.182.2 point to you pr router outside interface

Good luck