cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1586
Views
0
Helpful
10
Replies

Static Nat problem

catalin.stan
Level 1
Level 1

Hello everyone,

I’m having trouble with static nat on my Cisco 861. The dynamic nat is working fine, but I can’t seem to find the problem with the static one. I’ve posted below the configuration that I currently have on my router. Can someone please give me an idea?

Thank you

interface FastEthernet0

switchport access vlan 101

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

ip address 9x.xxx.xxx.xxx 255.255.255.252

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface Vlan1

ip address 192.168.1.254 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface Vlan101

description #lan 172#

ip address 172.16.16.250 255.255.255.0

!

ip forward-protocol nd

no ip http server

ip http authentication local

no ip http secure-server

!

ip nat pool wifi_lan 9x.xxx.xxx.xxx 9x.xxx.xxx.xxx netmask 255.255.255.252

ip nat inside source list nat_acl pool wifi_lan overload

ip nat inside source static tcp 192.168.1.1 80 9x.xxx.xxx.xxx 80 extendable

ip nat inside source static udp 192.168.1.101 38101 9x.xxx.xxx.xxx 38101 extendable

ip route 0.0.0.0 0.0.0.0 9x.xxx.xxx.xxx

!

ip access-list extended nat_acl

permit ip 192.168.1.0 0.0.0.255 any

1 Accepted Solution

Accepted Solutions

Hello,

If you have the web server hosted on a linux machine, then this simple trick will tell you if the router forward the packets correctly:

-from an external location do a "telnet 9.x.x.x 80"

-on the web server use tcpdump to listen on your interface and see if any packet arrive there while you're doing the telnet on port 80

If you have a windows platform for your web server, you can do the same with Wireshark.

Second, maybe this is not a NAT problem. Did you check the reachability between your web server and an outside destination? Is the gateway on the server set correctly?

Good luck and let us know the result of the test above.

Cheers,

Calin

View solution in original post

10 Replies 10

Latchum Naidu
VIP Alumni
VIP Alumni

Hi,

What is the exact problem you are facing, the config looks ok.

Is nating not happening with the below config?
Have you see by giving command "sh ip nat tra"?

Clear the nat tra in global with command "clear ip nat tra fo" and check.

However please remove the extendable work in the NAT statement and see.


Please rate the helpfull posts.
Regards,
Naidu.

Hi,

Thank you for your reply.

Static nat isn't working, dynamic nat it's ok.

I've used #clear ip nat tran fo

After that the #sh ip nat trans looks like this:

Pro Inside global         Inside local          Outside local         Outside global

tcp 9x.xxx.xxx.xxx:80     192.168.1.1:80        ---                   ---

tcp 9x.xxx.xxx.xxx:38101  192.168.1.101:38101   ---                   ---

udp 9x.xxx.xxx.xxx:51731  192.168.1.110:51731   8.8.8.8:53            8.8.8.8:53

udp 9x.xxx.xxx.xxx:51731  192.168.1.110:51731   91.192.234.1:53       91.192.234.1:53

udp 9x.xxx.xxx.xxx:51731  192.168.1.110:51731   91.192.234.2:53       91.192.234.2:53

tcp 9x.xxx.xxx.xxx:53125  192.168.1.110:53125   95.101.22.64:443      95.101.22.64:443

udp 9x.xxx.xxx.xxx:56770  192.168.1.110:56770   8.8.8.8:53            8.8.8.8:53

The "extendable" I can't remove it. I haven't typed it in the first place (it just comes up after i give the command "ip nat inside source static tcp 192.168.1.1 80 9x.xxx.xxx.xxx 80")

Hi,

By default the extendable wont come untill we manually specify that.
Try to remove the NAT statement if possible and add again without extendable word like below...

no ip nat inside source static tcp 192.168.1.1 80 9x.xxx.xxx.xxx 80 extendable
ip nat inside source static tcp 192.168.1.1 80 9x.xxx.xxx.xxx 80


Please rate the helpfull posts.
Regards,
Nadiu.

I've done that but the extandable still comes up.

Could it be a restricton from the IOS version or the hardware version of my Cisco?

Cisco 861 (MPC8300) processor (revision 1.0) with 236544K/25600K bytes of memory.
Processor board ID FCZ1450C3KW

5 FastEthernet interfaces
1 Virtual Private Network (VPN) Module
256K bytes of non-volatile configuration memory.
125440K bytes of ATA CompactFlash (Read/Write)


License Info:

License UDI:

-------------------------------------------------
Device#   PID                   SN
-------------------------------------------------
*0        CISCO861-K9           FCZ1450C3KW

License Information for 'c860-data'
    License Level: advsecurity   Type: Permanent
    Next reboot license Level: advsecurity

Hi,

No problem with hardware, what ios version do you have on the router.

If possible please have the following ios on the router and do what i suggested in my previous post.

c861-advipservicesk9-mz.124-15.T1.bin

Please rate the helpfull posts.

Regards,

Nadiu.

c860-universalk9-mz.150-1.M4.bin

This is my IOS version. Unfortunately this is the only IOS version that I have.

I've done what you've sugested in your previous post and the "extendable" still comes up.

Hi,

What tests did you do to ascertain your static NAT isn't working?

Have you got ACLs or firewall features configured on the router?

Regards.

Alain

Don't forget to rate helpful posts.

Hi,

No acl or firewall configured.

I’ve tried to access both the web server and rdc from an outside network and it’s not working.

RDC works, from inside the network, when I type 192.168.1.101:38101 but it doesn’t with public IP.

Also web server works with the local IP (192.168.1.1).

Hello,

If you have the web server hosted on a linux machine, then this simple trick will tell you if the router forward the packets correctly:

-from an external location do a "telnet 9.x.x.x 80"

-on the web server use tcpdump to listen on your interface and see if any packet arrive there while you're doing the telnet on port 80

If you have a windows platform for your web server, you can do the same with Wireshark.

Second, maybe this is not a NAT problem. Did you check the reachability between your web server and an outside destination? Is the gateway on the server set correctly?

Good luck and let us know the result of the test above.

Cheers,

Calin

Thank you all for your replies.

Thank you Calin. It was a stupid mistake with the gateway of the server.

Sorry all for wasting your time.

Review Cisco Networking for a $25 gift card