Router does not forward packet to firewall

catalystexpress
Level 1

Hi All,

I have a simple setup as below. I am able to see the IP NAT translation happening; however, the router does not forward the packet to the FW.

client -- router 1941 (10.70.117.249) ---- (10.70.117.250)FW -- F5 (10.70.117.110)

The client tries to establish a connection to 42.xx.xx.xx, which gets NATed to 10.70.117.110.

Can anyone please help me with what I am missing in the configuration?

Thank you

interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 ip address 124.xx.xx.xx 255.255.255.252
 ip access-group WAN in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly in
 duplex full
 speed 100
 no cdp enable
!
interface GigabitEthernet0/1
 description to sdcfwwR3 port 0 LAN
 ip address 10.70.117.249 255.255.255.240
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly in
 duplex full
 speed 100
 no cdp enable
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source static 10.70.117.10 42.xx.xx.xx
ip route 0.0.0.0 0.0.0.0 124.xx.xx.xx
ip route 10.70.117.110 255.255.255.255 10.70.117.250
ip route 10.70.118.0 255.255.255.128 10.70.117.250
!
ip access-list extended WAN
 deny   ip 127.0.0.0 0.255.255.255 any
 deny   ip 192.0.20.0 0.0.0.255 any
 deny   ip 224.0.0.0 31.255.255.255 any
 deny   ip host 255.255.255.255 any
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 deny   ip 169.254.0.0 0.0.255.255 any
 permit tcp any host 42.xx.xx.xx eq 443
 permit udp any host 42.xx.xx.xx eq 4433
 deny   ip any any
!
!
!
!
control-plane
!
!
!
line con 0
 login local
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 login local
 transport input none
line vty 5 15
 exec-timeout 5 0
 privilege level 15
 login local
 transport input ssh
!
scheduler allocate 20000 1000
!
end
Accepted Solution

There are a couple of things here that might relate to this issue. The first is the configuration of the static address translation:

ip nat inside source static 10.70.117.10 42.xx.xx.xx

Where is 10.70.117.10? The subnet mask says it is not on interface Gig0/1. So where is it?

HTH

Rick
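A small checker, added here as an example and not part of the thread or of Cisco IOS, that automates the question Rick asks: for each static NAT, is the inside-local address actually on an `ip nat inside` interface, or reachable through a static route whose next hop is back on the inside? It runs on a constructed config excerpt modelled on the poster's, with RFC 5737 documentation addresses standing in for the masked 124.x/42.x ones.

```python
import ipaddress
import re

# Constructed excerpt modelled on the poster's router; 203.0.113.x/198.51.100.x
# stand in for the masked WAN and public addresses. The NAT line is as posted.
CONFIG = """\
interface GigabitEthernet0/0
 ip address 203.0.113.2 255.255.255.252
interface GigabitEthernet0/1
 ip address 10.70.117.249 255.255.255.240
 ip nat inside
ip nat inside source static 10.70.117.10 198.51.100.10
ip route 0.0.0.0 0.0.0.0 203.0.113.1
ip route 10.70.117.110 255.255.255.255 10.70.117.250
ip route 10.70.118.0 255.255.255.128 10.70.117.250
"""

def parse(config):
    """Collect the subnets of 'ip nat inside' interfaces and the static routes."""
    inside, routes, net = [], [], None
    for line in config.splitlines():
        if m := re.match(r" ip address (\S+) (\S+)", line):
            net = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif line == " ip nat inside" and net is not None:
            inside.append(net)
        elif m := re.match(r"ip route (\S+) (\S+) (\S+)", line):
            routes.append((ipaddress.ip_network(f"{m[1]}/{m[2]}"),
                           ipaddress.ip_address(m[3])))
        elif line.startswith("interface "):
            net = None  # new interface block: forget the previous address
    return inside, routes

def static_nat_reachability(config):
    """Map each static NAT inside-local address to how the router would reach it."""
    inside, routes = parse(config)
    report = {}
    for m in re.finditer(r"^ip nat inside source static (\S+) \S+", config, re.M):
        local = ipaddress.ip_address(m[1])
        best = max((r for r in routes if local in r[0]),
                   key=lambda r: r[0].prefixlen, default=None)  # longest match
        if any(local in n for n in inside):
            verdict = "connected"
        elif best is None:
            verdict = "no route"
        elif any(best[1] in n for n in inside):
            verdict = f"via {best[1]}"
        else:  # translated packet would leave through a non-inside interface
            verdict = f"no inside path (longest match {best[0]} via {best[1]})"
        report[str(local)] = verdict
    return report
```

With the posted line the report shows 10.70.117.10 only matching the default route out of the WAN interface; correcting the static to 10.70.117.110 makes it resolve via 10.70.117.250, the firewall.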

4 Replies

Joshua Glenn
Level 1

Add a route for the real too, so route 42.xx.xx.xx /32 to 10.70.117.250 and let me know if it works.


Hi Richard, yes, it was a simple typo of mine which I realised a bit late, and I changed the static to 10.70.117.110... all the while I was wondering why, when all the config is correct... :)

Cheers

Thanks Joshua, for the reply. Cheers
