ā09-07-2011 04:39 AM - edited ā03-04-2019 01:31 PM
Hi Dears. i have a one nat problem at my router. all my nat translations are ok except one nat ttanslation:
here is problem at nat configuration.
ip nat pool AZCARD_NAT_FTP 192.168.182.2 192.168.182.2 prefix-length 24
ip nat inside source route-map MAP-108 pool AZCARD_NAT_FTP
access-list 108 permit ip host 192.168.10.65 host 10.0.150.1
route-map MAP-108 permit 10
match ip address 108
this my nat configuration which i have a problem. the problem is : my pc ip is 192.168.10.65 and i want to access ftp server 10.0.150.1
i can ping 10.0.150.1 and at this time i can see the translation is going. but when i want to access ftp server with port 21
i can not access, also i wrote telnet 10.0.150.1 21 at my pc command line i can not access and i do not see any nat translation at router.
i attached all my confuguration here.
i take one new router and write only this problem nat configuration commands and it works.
but i wish this work with my configuration router not separately.
i do not solve problem. please give me idea to solve this issue.
thanks.
ā09-07-2011 07:03 AM
Are there are ACLs that are blocking port 21 anywhere by any chance?
ā09-07-2011 11:04 AM
Hi . i attached all configuration. as you see at configuration there is no ACL list to block port 21.
ā09-07-2011 07:18 AM
You need the keyword reversible at the end of your nat command
HTH
If helpful rate
Sent from Cisco Technical Support iPhone App
ā09-07-2011 11:06 AM
HI i need add reversible command at the end of nat command??? yo mean that
ip nat inside source route-map MAP-108 pool AZCARD_NAT_FTP reversible
what the reversible command do???
ā09-07-2011 12:53 PM
If you configure 'ip nat inside source route-map MAP-108 pool AZCARD_NAT_FTP' without the reversible
command, each time you initiate communication from Inside to Outside it's going to create a very strict
nat translation so to speak. If you do a 'show ip nat translation' from IOS you will see the the specific protocol
listed as well as what the translation is. If someone is trying to initiate communication from outside to inside
it will have to match that in order for reverse communication (outside to inside) to exist. When you put the
'reversible' command at the end, and then run 'show ip nat translation' you will see a second entry below
the very strict entry. It will just have the inside local IP and the outside global IP. This menas that when traffic
is initiated from outside to inside there will be an entry already in the NAT table that it can use. Remember this
is conditional NAT. That's the way I understand it (Please informed me if im wrong).
ā09-08-2011 10:32 PM
Hi I add reversible command but it can not help me. please see all my configuration which i attached.
i do not what is the problem.
ā09-12-2011 09:28 PM
please someone help me. i do not solve this issue.
ā09-13-2011 01:06 AM
Can you try to remove the nat with pool and use he bellow config
Ip nat inside static 192.168.10.65 192.168.182.2 route-map MAP-108
Also make sure the server has ip reachability to 192.168.182.2 point to you pr router outside interface
Good luck
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide