Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1274
Views
0
Helpful
1
Replies

Can't get 'ip nat outside source static' working...Please Help.

d.serra
Level 1
Level 1

‎12-23-2010 02:01 PM - edited ‎03-06-2019 02:41 PM

Hey Guys,

Having a problem with 'ip nat outside source static'.  When a client on the outside of the NAT router tries to ping the server on the inside, I can see that traffic to the destination is NATted but return traffic is not being unNATted which is causing pings to fail.

I have been pulling my hair out for hours on this.  I can make it work if I define inside and outside networks in the opposite direction and use 'ip nat inside static source' but having absolutley no luck with 'ip nat outside source static'

You help is immensley appreciated!!!

I have the following setup R1--(Inside)---R2---(outside)---R3.

R2 has fa0/1 configured as 'ip nat outside' and fa0/0 configured 'ip nat inside'


Router 1 - (Server receiving the PINGs)

hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
interface FastEthernet0/0
ip address 10.1.2.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
no ip http server
no ip http secure-server
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.1.2.2
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end

--------------------------------------------------

Router2 - (The NAT Router)

hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
interface FastEthernet0/0
ip address 10.1.2.2 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.2.3.2 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
router eigrp 10
network 0.0.0.0
no auto-summary
!
no ip http server
no ip http secure-server
ip forward-protocol nd
!
!
ip nat outside source static 10.2.3.3 22.22.22.3
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end

R2#

--------------------------
Router3 (Client router initiating the PINGs)

hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
interface Loopback0
no ip address
shutdown
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.2.3.3 255.255.255.0
duplex auto
speed auto
!
no ip http server
no ip http secure-server
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.2.3.2
!
!
control-plane
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
password cisco
login
!
!
end

Labels:
0 Helpful
1 Reply 1

phooghen
Cisco Employee
Cisco Employee

‎12-24-2010 12:28 AM

Could you try to add a static route on R3 for Network 22.22.22.0 and the next hop is 10.2.3.2

Have a look at:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080093f2f.shtml

0 Helpful
Top