Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
411
Views
3
Helpful
3
Replies

IP Nat inside / outside

Edgar Khachatrian
Level 1
Level 1

‎01-31-2014 04:05 PM - edited ‎03-07-2019 05:56 PM

So I have a wireless bridge connecting two buildings and have a router on the non-root side to handle switchport trunking for AP VLANs. This router only routes and handles data only from the AP (REGULAR AP ..NO BRIDGE). So the problem is that the WAN port FastEthernet 0/4 is set with a private ip with "ip Nat outside" specified under that interface. Well everything works well except I can't ssh from anywhere to this router except when connected to the AP that is connected to the router switchport which handles trunking of wireless VLANs. (note that the when I say AP this is a single AP that is connected to the router, nothing to do with the Wireless bridge.) So I understand "ip Nat outside" is meant for outside WAN. However when changing this to "ip Nat inside" ssh is fine ..however clients on the AP can't resolve addresses. Any ideas to what I'm doing wrong?

Thanks in advance.


Sent from Cisco Technical Support Android App

Please rate all helpful posts. Was the issue resolved? (Mark as "Answered")
Labels:
0 Helpful
3 Replies 3

John Blakley
VIP Alumni
VIP Alumni

‎01-31-2014 05:19 PM

Kinda hard to tell you without seeing your config. Since you're extending the two buildings though, why are you natting at all? Having nat configured on the outside shouldn't affect your ssh sessions to the device from the outside either. Can you post the config from the router?

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

Edgar Khachatrian
Level 1
Level 1

‎02-02-2014 06:22 AM

I added a static NAT entry "ip nat inside source static tcp", with both the inside local & inside global addresses to the private address which was assigned to that WAN interface. This solved the problem.

Don't know exactly why ssh wasn't allowed when "ip nat outside" was specified on that interface. However my guess is that not all
ports are created equally. I'm thinking, since that port is designated as a WAN port and has "ip nat outside", specified under it; it treats all traffic coming to it as WAN traffic. Regardless this shouldn't affect ssh access.... But I just can't figure out what might be the culprit exactly. Even though the problem is solved, I still want to get to the bottom of this WAN port/NAT issue. Anyone has any input on this.


Thanks in advance.



Sent from Cisco Technical Support Android App

Please rate all helpful posts. Was the issue resolved? (Mark as "Answered")
0 Helpful

Edgar Khachatrian
Level 1
Level 1

‎02-12-2014 07:19 AM

Sure John, I will post the config soon.
Even though the static nat entry fixed the issue. I would still like to understand why this was happening in the first place.

Thank you


Sent from Cisco Technical Support Android App

Please rate all helpful posts. Was the issue resolved? (Mark as "Answered")
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card