05-21-2020 07:03 AM - edited 05-21-2020 07:16 AM
I am having an issue with connectivity to a printer via NAT - people cannot print to it. The debug shows my static NAT keeps expiring, I thought they never expired. Here are the relevant parts of my config, it is a 2901 router running IOS 15.4(3)-M8
ip nat inside source static 10.10.10.122 1.1.1.10
ip route 164.156.185.0 255.255.255.0 SERIAL PORT WAN ADDRESS
There are no access lists, no filters, no route maps, no NAT pool, etc. Pretty basic. I did a debug ip nat det and this is what it shows
May 21 13:08:42.675: NAT: o: tcp (164.156.185.89, 55402) -> (1.1.1.10, 9100) [25228]
May 21 13:08:42.675: NAT: s=164.156.185.89, d=1.1.1.10->10.10.10.122 [25228]
May 21 13:08:42.727: NAT: API parameters passed: src_addr:164.156.185.73, src_port:0 dest_addr:1.1.1.10, dest_port:0, proto:6 if_input:Serial0/0/0.100 pak:219A6A2C get_translated:1
May 21 13:08:42.727: ipnat_api_translated_address_and_port_common, out->in want IL,OL
May 21 13:08:42.727: NAT: API Translated-Info(1): (src-addr:164.156.185.73, src-port:0) (dest-addr:10.10.10.122, dest-port:0)
May 21 13:08:42.727: NAT: o: tcp (164.156.185.73, 63301) -> (1.1.1.10, 9100) [19601]
May 21 13:08:42.727: NAT: s=164.156.185.73, d=1.1.1.10->10.10.10.122 [19601]
May 21 13:08:44.679: NAT: o: tcp (164.156.185.79, 61100) -> (1.1.1.10, 9100) [15496]
May 21 13:08:44.679: NAT: s=164.156.185.79, d=1.1.1.10->10.10.10.122 [15496]
May 21 13:08:45.423: NAT: o: tcp (164.156.185.90, 64796) -> (1.1.1.10, 9100) [5472]
May 21 13:08:45.423: NAT: s=164.156.185.90, d=1.1.1.10->10.10.10.122 [5472]
May 21 13:08:45.739: NAT: o: tcp (164.156.185.73, 63301) -> (1.1.1.10, 9100) [19602]
May 21 13:08:45.743: NAT: s=164.156.185.73, d=1.1.1.10->10.10.10.122 [19602]
May 21 13:08:45.779: NAT: expiring 1.1.1.10 (10.10.10.122) tcp 9100 (9100)
May 21 13:08:46.287: NAT: API parameters passed: src_addr:164.156.185.93, src_port:0 dest_addr:1.1.1.10, dest_port:0, proto:6 if_input:Serial0/0/0.100 pak:3D807AF8 get_translated:1
May 21 13:08:46.287: ipnat_api_translated_address_and_port_common, out->in want IL,OL
May 21 13:08:46.287: NAT: API Translated-Info(1): (src-addr:164.156.185.93, src-port:0) (dest-addr:10.10.10.122, dest-port:0)
May 21 13:08:46.287: NAT: o: tcp (164.156.185.93, 49763) -> (1.1.1.10, 9100) [19957]
May 21 13:08:46.287: NAT: s=164.156.185.93, d=1.1.1.10->10.10.10.122 [19957]
May 21 13:08:46.575: NAT: API parameters passed: src_addr:164.156.185.97, src_port:0 dest_addr:1.1.1.10, dest_port:0, proto:6 if_input:Serial0/0/0.100 pak:4117B654 get_translated:1
May 21 13:08:46.575: ipnat_api_translated_address_and_port_common, out->in want IL,OL
May 21 13:08:46.575: NAT: API Translated-Info(1): (src-addr:164.156.185.97, src-port:0) (dest-addr:10.10.10.122, dest-port:0)
May 21 13:08:46.575: NAT: o: tcp (164.156.185.97, 56945) -> (1.1.1.10, 9100) [32195]
May 21 13:08:46.575: NAT: s=164.156.185.97, d=1.1.1.10->10.10.10.122 [32195]
May 21 13:08:48.852: NAT: expiring 1.1.1.10 (10.10.10.122) tcp 9100 (9100)
May 21 13:08:49.304: NAT: o: tcp (164.156.185.93, 49763) -> (1.1.1.10, 9100) [19958]
May 21 13:08:49.304: NAT: s=164.156.185.93, d=1.1.1.10->10.10.10.122 [19958]
May 21 13:08:49.588: NAT: o: tcp (164.156.185.97, 56945) -> (1.1.1.10, 9100) [32196]
May 21 13:08:49.588: NAT: s=164.156.185.97, d=1.1.1.10->10.10.10.122 [32196]
May 21 13:08:49.808: NAT: API parameters passed: src_addr:164.156.185.103, src_port:0 dest_addr:1.1.1.10, dest_port:0, proto:6 if_input:Serial0/0/0.100 pak:219A6540 get_translated:1
May 21 13:08:49.812: ipnat_api_translated_address_and_port_common, out->in want IL,OL
May 21 13:08:49.812: NAT: API Translated-Info(1): (src-addr:164.156.185.103, src-port:0) (dest-addr:10.10.10.122, dest-port:0)
May 21 13:08:49.812: NAT: o: tcp (164.156.185.103, 53837) -> (1.1.1.10, 9100) [30085]
May 21 13:08:49.812: NAT: s=164.156.185.103, d=1.1.1.10->10.10.10.122 [30085]
May 21 13:08:50.044: NAT: API parameters passed: src_addr:164.156.185.92, src_port:0 dest_addr:1.1.1.10, dest_port:0, proto:6 if_input:Serial0/0/0.100 pak:3E04F2DC get_translated:1
May 21 13:08:50.044: ipnat_api_translated_address_and_port_common, out->in want IL,OL
clear ip nat stat
show ip nat stat
Total active translations: 35 (6 static, 29 dynamic; 29 extended)
Peak translations: 39, occurred 00:00:07 ago
Outside interfaces:
Serial0/0/0.100
Inside interfaces:
GigabitEthernet0/0
Hits: 15 Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 7
Dynamic mappings:
Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
wait 1/2 second
show ip nat stat
Total active translations: 33 (6 static, 27 dynamic; 27 extended)
Peak translations: 39, occurred 00:00:14 ago
Outside interfaces:
Serial0/0/0.100
Inside interfaces:
GigabitEthernet0/0
Hits: 21 Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 11
Dynamic mappings:
Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
Any insight as to what is going on?
05-21-2020 08:57 AM
Hello
What are you trying to acheive, Is it to print from external hosts to an internal printer on 10.10.10.122?
05-21-2020 09:24 AM
Yes, external user prints to internal printer. That way someone in another city can print off something to be physically picked up by a person where the printer resides.
05-21-2020 12:43 PM
Hello
If this is the primary rtr for internet /wan access, Do you have a default static route or any dynamic routing in place for internet/wan access.
Can you explain this static route- ip route 164.156.185.0 255.255.255.0 SERIAL PORT WAN ADDRESS
If possible please attach the running config of this rtr (preferably in a txt file)
05-21-2020 12:51 PM - edited 05-21-2020 12:52 PM
Yes, it is the only path out of the network and into the wider world beyond.
I used words instead of my real WAN address to not share with the world what the real WAN address is, for security reasons. I was showing there is a static route for that network, sending it out to the WAN. The WAN interface is also the NAT Outside interface and the LAN interface is the NAT Inside interface.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide