Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1229
Views
0
Helpful
6
Replies

Can not traceroute beyond NAT

henry
Level 1
Level 1

‎04-01-2005 07:06 AM - edited ‎03-05-2019 11:29 AM

We are NATing the outside source address of the serverA.

Our configuration:

ServerA (172.23.1.5/24)

RouterA (Eth0- 172.23.1.1/24, S0- 172.16.3.2/30)

RouterB (S0- 172.16.3.1/30, Eth0- 192.168.27.2/29)

Firewall

ServerB (198.203.239.66)

We can ping and traceroute from ServerA to ServerB but not the way around. NAT is happening on RouterB.

I enabled debug on both routers. When pinging from ServerB to ServerA I can see the correct translation and forwarding of packets,but on RouterA nothing happens.

Part of running-config on RouterA:

ip route 192.168.27.0 255.255.255.248 172.16.3.1

ip route 198.203.239.66 255.255.255.255 172.16.3.1

Part of running-config on RouterB:

interface FastEthernet0

ip address 192.168.27.2 255.255.255.248

ip nat inside

speed auto

!

interface Serial0

ip address 172.16.3.1 255.255.255.252

ip nat outside

encapsulation ppp

!

ip nat outside source static 172.23.1.5 192.168.27.13

ip classless

ip route 0.0.0.0 0.0.0.0 172.16.3.2

ip route 198.203.239.64 255.255.255.192 192.168.27.1

Am I missing anything ? Please help.

Thanks,

Henry

Labels:
0 Helpful
6 Replies 6

Georg Pauwen
VIP
VIP

‎04-01-2005 10:31 AM

Hello Henry,

can you try and remove both static routes from Router A:

ip route 192.168.27.0 255.255.255.248 172.16.3.1

ip route 198.203.239.66 255.255.255.255 172.16.3.1

and instead add just a default:

ip route 0.0.0.0 0.0.0.0 172.16.3.1

Regards,

GP

0 Helpful

henry
Level 1
Level 1
In response to Georg Pauwen

‎04-01-2005 11:48 AM

I've tried. The same result.

Actually what I need is to connect serverA and serverB through 'sqlnet'. When I run 'plsql' statement on ServerB trying to quiry ServerA I can see on the RouterB NATing and routing seem to be correct. RouterA - nothing happens ???

-

Thanks,

Henry

0 Helpful

Georg Pauwen
VIP
VIP
In response to henry

‎04-01-2005 02:20 PM

Hello,

on your Router B, try to add a static route specifying the subnet where the translated address is belonging to:

ip route 192.168.27.8 255.255.255.248 172.16.3.2

or try and use a different address for the NAT, e.g.

ip nat outside source static 172.23.1.5 192.168.26.13

and then adjust the routing accordingly.

HTH,

GP

0 Helpful

Georg Pauwen
VIP
VIP

‎04-02-2005 12:08 AM

Hello Henry,

can you post the output of ´debug ip nat´ from router B ?

Regards,

GP

0 Helpful

henry
Level 1
Level 1
In response to Georg Pauwen

‎04-02-2005 07:26 AM

I've tried all the possible configurations on the RouterB with the same result. BTW on RouterA I can see sometimes (randomly) the debugging output.

The following is the debugging output from running 'sqlplus' on the ServerB trying to connect to ServerA on port 1251:

Output on RouterA:

*Mar 3 01:26:00: IP: s=198.203.239.66 (Serial0), d=172.23.1.5 (FastEthernet0),

g=172.23.1.5, len 48, forward

*Mar 3 01:26:00: TCP src=60934, dst=1521, seq=762687828, ack=0, win=24820 S

YN

Output on RouterB is attached (because of file size).

When I run 'sqlplus' on routerB it just times out.

Any ideas?

Thanks,

Henry

Preview file
5 KB
0 Helpful

Georg Pauwen
VIP
VIP
In response to henry

‎04-02-2005 12:13 PM

Hello Henry,

can you see anything being blocked in your firewall ?

Regards,

GP

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card