02-01-2011 09:07 PM - edited 03-06-2019 03:18 PM
Hi,
I'm using static NAT on a cisco router and i am unable to ping from the router itself... With static NAT I'm unable to ping any public IP address from the router. Also it is not doing any domain name to ip translations.
I have two public usable IP's one assigned to the nat outside interface and the other assigned to an internal device. There are two static mappings
1) mapping the inernal device to one of the Public IP
2)mapping all internal traffic to the other Public IP assigned to the routers interface
Any assistance is greatly appreciated.
Solved! Go to Solution.
02-02-2011 04:51 AM
Hi,
Regarding the one to one NAT (1 mapping the inernal device to one of the Public IP)
Can you config a static nat like below which is best practice and see
ip nat inside source static 10.10.10.4 190.108.199.101 extendable
And regarding name to ip (dns) resolution you have to config the ip domain and name server which i told in my previous post.
Please rate if this helps you...
Regards,
Naidu.
02-01-2011 10:44 PM
hi,
kindly post your running config and ping test. thanks!
02-01-2011 11:10 PM
Hi,
Which IP you are trying to ping?
if it is nated IP (public) it wont ping from router
And to do domain name to ip translations or visa versa, you need to configure your domain in the router like below...
#ip domain name xxxxxxx.com
#ip name-server ***which you can get from yoru internet provider***
To get clear understnad on the issue, please post your router running config.
Regards,
Naidu.
02-02-2011 03:55 AM
THanks for your responce guys... the configs are as follows.
Building configuration...
Current configuration : 1913 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
!
no aaa new-model
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1 10.10.10.10
!
ip dhcp pool test
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 190.124.220.2 190.124.220.3
!
!
multilink bundle-name authenticated
!
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0/0
ip address 190.108.199.64 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
no ip virtual-reassembly
duplex auto
speed auto
no keepalive
no cdp enable
!
interface FastEthernet0/1
ip address 10.10.10.1 255.255.255.0
no ip proxy-arp
ip nat inside
no ip virtual-reassembly
duplex auto
speed auto
no cdp enable
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 190.108.199.1
ip route 10.0.0.0 255.0.0.0 10.10.10.0
!
!
no ip http server
ip nat pool PoolA 190.108.199.64 190.108.199.64 netmask 255.255.255.0
ip nat pool PoolB 190.108.199.101 190.108.199.101 netmask 255.255.255.0
ip nat inside source list 6 pool PoolB
ip nat inside source list 7 pool PoolA
!
access-list 6 permit 10.10.10.4
access-list 7 permit 10.10.10.0 0.0.0.255
no cdp run
!
!
control-plane
!
banner motd ^C UnAuthorized Users STAY OUT ^C
!
end
02-02-2011 04:46 AM
Hi, you can use config below.
1) mapping the inernal device to one of the Public IP (for Web Server)
ip nat inside source list 6 pool PoolB overload
ip nat inside source static tcp 10.10.10.4 80 190.108.199.101 80
2)mapping all internal traffic to the other Public IP assigned to the routers interface
ip nat inside source list 7 interface FastEthernet0/0 overload
hth
Muammer
02-02-2011 04:51 AM
Hi,
Regarding the one to one NAT (1 mapping the inernal device to one of the Public IP)
Can you config a static nat like below which is best practice and see
ip nat inside source static 10.10.10.4 190.108.199.101 extendable
And regarding name to ip (dns) resolution you have to config the ip domain and name server which i told in my previous post.
Please rate if this helps you...
Regards,
Naidu.
02-02-2011 03:58 PM
hi,
Here's the thing, I've tried the PAT, but the device behind the static mapping was ironically showing as coming from the overload address (190.108.199.64). i'm doing authentication on the static mapping and it must show that it is coming from address (190.108.199.101). Also I tried the ip name server and the ip domain name, and thats doesn't do the trick... I still can't ping or do a traceroute from the router. The upgraded config is attached. Additionally, is there any way i can get around using PAT while mapping multiple address to one Public IP?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide