01-31-2014 04:05 PM - edited 03-07-2019 05:56 PM
So I have a wireless bridge connecting two buildings and have a router on the non-root side to handle switchport trunking for AP VLANs. This router only routes and handles data only from the AP (REGULAR AP ..NO BRIDGE). So the problem is that the WAN port FastEthernet 0/4 is set with a private ip with "ip Nat outside" specified under that interface. Well everything works well except I can't ssh from anywhere to this router except when connected to the AP that is connected to the router switchport which handles trunking of wireless VLANs. (note that the when I say AP this is a single AP that is connected to the router, nothing to do with the Wireless bridge.) So I understand "ip Nat outside" is meant for outside WAN. However when changing this to "ip Nat inside" ssh is fine ..however clients on the AP can't resolve addresses. Any ideas to what I'm doing wrong?
Thanks in advance.
Sent from Cisco Technical Support Android App
01-31-2014 05:19 PM
Kinda hard to tell you without seeing your config. Since you're extending the two buildings though, why are you natting at all? Having nat configured on the outside shouldn't affect your ssh sessions to the device from the outside either. Can you post the config from the router?
HTH,
John
*** Please rate all useful posts ***
02-02-2014 06:22 AM
I added a static NAT entry "ip nat inside source static tcp", with both the inside local & inside global addresses to the private address which was assigned to that WAN interface. This solved the problem.
Don't know exactly why ssh wasn't allowed when "ip nat outside" was specified on that interface. However my guess is that not all
ports are created equally. I'm thinking, since that port is designated as a WAN port and has "ip nat outside", specified under it; it treats all traffic coming to it as WAN traffic. Regardless this shouldn't affect ssh access.... But I just can't figure out what might be the culprit exactly. Even though the problem is solved, I still want to get to the bottom of this WAN port/NAT issue. Anyone has any input on this.
Thanks in advance.
Sent from Cisco Technical Support Android App
02-12-2014 07:19 AM
Sure John, I will post the config soon.
Even though the static nat entry fixed the issue. I would still like to understand why this was happening in the first place.
Thank you
Sent from Cisco Technical Support Android App
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide