10-14-2013 01:02 PM - edited 03-07-2019 04:02 PM
Experts,
I need to apply the correct NAT for a server that will be receiving an RDP connection on port 3389 and requires a Static NAT.
Attached is my config, straightforward and small. I currently have everyone leaving with this one NAT rule:
Important Information to add:
Server Lan IP 192.168.1.20
Server Public IP: 200.1.1.5
Current Nat information:
ip nat pool test 200.1.1.6 200.1.1.6 prefix-length 24
ip nat inside source list 102 pool test overload
access-list 102 permit ip 192.168.2.0 0.0.0.255 any
access-list 102 permit ip 192.168.3.0 0.0.0.255 any
I tried:
ip nat inside source static 192.168.1.20 200.1.5 --> The commands were applied but the server didn't NAT
Step 2:
added
access-list 102 deny ip host 192.168.1.20 any --> To prevent this IP from going into "PAT" mode and hoping static NAT applies.
access-list 102 permit ip 192.168.2.0 0.0.0.255 any
access-list 102 permit ip 192.168.3.0 0.0.0.255 any
That didn't work either :-). If I have to redo the entire NAT configuration in order to provide Internet access to my Static Server and the other internal 192.168.1.x Network, I have a time window to test it.
Any help is appreciated.
Thanks,
Randall
10-14-2013 01:24 PM
Randall,
The ip nat inside source static 192.168.1.20 200.1.5 command is okay. However, your configuration is missing the ip nat inside command on the Gi0/1.1 interface so this interface is not considered to be a NAT-enabled inside interface at all. The ip nat inside command on your physical Gi0/1 interface is useless and should be removed, as the Gi0/1 is not configured with an IP address so it does not participate in IP operations (just the subinterfaces do).
Try adding the ip nat inside on your Gi0/1.1 and put back the ip nat inside source static command - then check the NAT connectivity to the server.
Best regards,
Peter
10-14-2013 02:51 PM
Thanks Peter, I will give it a shot and send the results.
10-16-2013 11:40 AM
Peter, I tested what you suggested and it didn't work. I think it is related to the ISP because I saw the NAT translations. What I had to do in order to fix it was run a port redirection; I didn't think that would work, but it did the trick.