03-09-2016 01:22 AM - edited 03-05-2019 07:00 AM
Hi All,
I have a simple setup as below. I am able to see the IP NAT translation happening; however, the router does not forward the packet to the FW.
client -- router 1941 (10.70.117.249) ---- (10.70.117.250)FW -- F5 (10.70.117.110)
The client tries to establish a connection to 42.xx.xx.xx, which gets NATed to 10.70.117.110.
Can anyone please help me find what I am missing in the configuration?
Thank you
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 ip address 124.xx.xx.xx 255.255.255.252
 ip access-group WAN in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly in
 duplex full
 speed 100
 no cdp enable
!
interface GigabitEthernet0/1
 description to sdcfwwR3 port 0 LAN
 ip address 10.70.117.249 255.255.255.240
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly in
 duplex full
 speed 100
 no cdp enable
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source static 10.70.117.10 42.xx.xx.xx
ip route 0.0.0.0 0.0.0.0 124.xx.xx.xx
ip route 10.70.117.110 255.255.255.255 10.70.117.250
ip route 10.70.118.0 255.255.255.128 10.70.117.250
!
ip access-list extended WAN
 deny ip 127.0.0.0 0.255.255.255 any
 deny ip 192.0.20.0 0.0.0.255 any
 deny ip 224.0.0.0 31.255.255.255 any
 deny ip host 255.255.255.255 any
 deny ip 10.0.0.0 0.255.255.255 any
 deny ip 172.16.0.0 0.15.255.255 any
 deny ip 192.168.0.0 0.0.255.255 any
 deny ip 169.254.0.0 0.0.255.255 any
 permit tcp any host 42.xx.xx.xx eq 443
 permit udp any host 42.xx.xx.xx eq 4433
 deny ip any any
!
!
!
!
control-plane
!
!
!
line con 0
 login local
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 login local
 transport input none
line vty 5 15
 exec-timeout 5 0
 privilege level 15
 login local
 transport input ssh
!
scheduler allocate 20000 1000
!
end
03-09-2016 03:54 PM
Add a route for the real too, so route 42.xx.xx.xx /32 to 10.70.117.250 and let me know if it works.
03-10-2016 10:01 AM
There are a couple of things here that might relate to this issue. First is the configuration of the static address translation:
ip nat inside source static 10.70.117.10 42.xx.xx.xx
Where is 10.70.117.10? The subnet mask says it is not on interface Gig0/1. So where is it?
HTH
Rick
03-10-2016 04:59 PM
Hi Richard, yes, it was a simple typo of mine, which I realised a bit late, and I changed the static to 10.70.117.110... All the while I was wondering why, when all the config is correct... :)
cheers
03-10-2016 05:00 PM
Thanks Joshua, for the reply. Cheers
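The question raised in the thread ("Where is 10.70.117.10?") can be checked mechanically. The following is an added example, not code from any poster: it flags static NAT entries whose inside-local address is neither on a subnet connected to an `ip nat inside` interface nor covered by a static route through one. The function names are hypothetical, and the masked public addresses are replaced by documentation-range placeholders.

```python
import ipaddress
import re

# Constructed sample: the NAT-relevant lines of the posted config. The masked
# public addresses are replaced by documentation-range placeholders.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
interface GigabitEthernet0/1
 ip address 10.70.117.249 255.255.255.240
 ip nat inside
ip nat inside source static 10.70.117.10 203.0.113.10
ip route 0.0.0.0 0.0.0.0 198.51.100.1
ip route 10.70.117.110 255.255.255.255 10.70.117.250
ip route 10.70.118.0 255.255.255.128 10.70.117.250
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"

def inside_networks(config):
    """Subnets connected to 'ip nat inside' interfaces, plus static routes via them."""
    connected = []
    # Split into chunks that each start at an 'interface' line.
    for block in re.split(r"(?m)^(?=interface )", config):
        addr = re.search(rf"(?m)^\s*ip address {IP} {IP}\s*$", block)
        if addr and re.search(r"(?m)^\s*ip nat inside\s*$", block):
            connected.append(ipaddress.ip_interface("/".join(addr.groups())).network)
    routed = []
    for net, mask, hop in re.findall(rf"(?m)^ip route {IP} {IP} {IP}\s*$", config):
        # Keep only routes whose next hop sits on an inside subnet.
        if any(ipaddress.ip_address(hop) in c for c in connected):
            routed.append(ipaddress.ip_network(f"{net}/{mask}", strict=False))
    return connected + routed

def unreachable_static_nat(config):
    """Inside-local addresses of static NAT entries that no inside network covers."""
    nets = inside_networks(config)
    bad = []
    pattern = rf"(?m)^ip nat inside source static {IP} {IP}\s*$"
    for local, _global in re.findall(pattern, config):
        if not any(ipaddress.ip_address(local) in n for n in nets):
            bad.append(local)
    return bad

if __name__ == "__main__":
    print(unreachable_static_nat(SAMPLE_CONFIG))
```
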