cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4838
Views
13
Helpful
6
Replies
Highlighted
Beginner

Can't Ping from Router using Static NAT

Hi,

I'm using static NAT on a cisco router and i am unable to ping from the router itself... With static NAT I'm unable to ping any public IP address from the router. Also it is not doing any domain name to ip translations.

I have two public usable IP's one assigned to the nat outside interface and the other assigned to an internal device. There are two static mappings

1) mapping the inernal device to one of the Public IP

2)mapping all internal traffic to the other Public IP assigned to the routers interface

Any assistance is greatly appreciated.

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Hi,

Regarding the one to one NAT (1 mapping the inernal device to one of the Public IP)

Can you config a static nat like below which is best practice and see
ip nat inside source static 10.10.10.4 190.108.199.101 extendable

And regarding name to ip (dns) resolution you have to config the ip domain and name server which i told in my previous post.


Please rate if this helps you...


Regards,
Naidu.

View solution in original post

6 REPLIES 6
Highlighted
Engager

hi,

kindly post your running config and ping test. thanks!

Highlighted


Hi,

Which IP you are trying to ping?
if it is nated IP (public) it wont ping from router

And to do domain name to ip translations or visa versa, you need to configure your domain in the router like below...

#ip domain name xxxxxxx.com
#ip name-server ***which you can get from yoru internet provider***

To get clear understnad on the issue, please post your router running config.


Regards,
Naidu.

Highlighted

THanks for your responce guys... the configs are as follows.

Building configuration...

Current configuration : 1913 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!

!
no aaa new-model
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1 10.10.10.10
!
ip dhcp pool test
   import all
   network 10.10.10.0 255.255.255.0
   default-router 10.10.10.1
   dns-server 190.124.220.2 190.124.220.3
!
!
multilink bundle-name authenticated
!
archive
log config
  hidekeys
!
!
!
!
!
interface FastEthernet0/0
ip address 190.108.199.64 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
no ip virtual-reassembly
duplex auto
speed auto
no keepalive
no cdp enable
!
interface FastEthernet0/1
ip address 10.10.10.1 255.255.255.0
no ip proxy-arp
ip nat inside
no ip virtual-reassembly
duplex auto
speed auto
no cdp enable
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 190.108.199.1
ip route 10.0.0.0 255.0.0.0 10.10.10.0
!
!
no ip http server
ip nat pool PoolA 190.108.199.64 190.108.199.64 netmask 255.255.255.0
ip nat pool PoolB 190.108.199.101 190.108.199.101 netmask 255.255.255.0
ip nat inside source list 6 pool PoolB
ip nat inside source list 7 pool PoolA
!
access-list 6 permit 10.10.10.4
access-list 7 permit 10.10.10.0 0.0.0.255
no cdp run
!
!
control-plane
!
banner motd ^C UnAuthorized Users STAY OUT ^C
!
end

Highlighted

Hi, you can use config below.                                       

1) mapping the inernal device to one of the Public IP (for Web Server)

                                                                                                     

ip nat inside source list 6 pool PoolB overload                       
ip nat inside source static tcp 10.10.10.4 80  190.108.199.101 80

2)mapping all internal traffic to the other Public IP assigned to the routers interface

ip nat inside source list 7 interface FastEthernet0/0 overload

                                                                       

hth                                                                   
Muammer

Highlighted

Hi,

Regarding the one to one NAT (1 mapping the inernal device to one of the Public IP)

Can you config a static nat like below which is best practice and see
ip nat inside source static 10.10.10.4 190.108.199.101 extendable

And regarding name to ip (dns) resolution you have to config the ip domain and name server which i told in my previous post.


Please rate if this helps you...


Regards,
Naidu.

View solution in original post

Highlighted

hi,

Here's the thing,  I've tried the PAT, but the device behind the static mapping was ironically showing as coming from the overload address (190.108.199.64). i'm doing authentication on the static mapping and it must show that it is coming from address (190.108.199.101). Also I tried the ip name server and the ip domain name, and thats doesn't do the trick... I still can't ping or do a traceroute from the router. The upgraded config is attached. Additionally, is there any way i can get around using PAT while mapping multiple address to one Public IP?

Content for Community-Ad