cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1312
Views
0
Helpful
6
Replies

Can not traceroute beyond NAT

henry
Level 1
Level 1

We are NATing the outside source address of the serverA.

Our configuration:

ServerA (172.23.1.5/24)

RouterA (Eth0- 172.23.1.1/24, S0- 172.16.3.2/30)

RouterB (S0- 172.16.3.1/30, Eth0- 192.168.27.2/29)

Firewall

ServerB (198.203.239.66)

We can ping and traceroute from ServerA to ServerB but not the way around. NAT is happening on RouterB.

I enabled debug on both routers. When pinging from ServerB to ServerA I can see the correct translation and forwarding of packets,but on RouterA nothing happens.

Part of running-config on RouterA:

ip route 192.168.27.0 255.255.255.248 172.16.3.1

ip route 198.203.239.66 255.255.255.255 172.16.3.1

Part of running-config on RouterB:

interface FastEthernet0

ip address 192.168.27.2 255.255.255.248

ip nat inside

speed auto

!

interface Serial0

ip address 172.16.3.1 255.255.255.252

ip nat outside

encapsulation ppp

!

ip nat outside source static 172.23.1.5 192.168.27.13

ip classless

ip route 0.0.0.0 0.0.0.0 172.16.3.2

ip route 198.203.239.64 255.255.255.192 192.168.27.1

Am I missing anything ? Please help.

Thanks,

Henry

6 Replies 6

Hello Henry,

can you try and remove both static routes from Router A:

ip route 192.168.27.0 255.255.255.248 172.16.3.1

ip route 198.203.239.66 255.255.255.255 172.16.3.1

and instead add just a default:

ip route 0.0.0.0 0.0.0.0 172.16.3.1

Regards,

GP