09-15-2010 08:35 PM - edited 03-06-2019 01:00 PM
Hi !
I'm currently studdy for CCNP TSHOOT CCNP Exam.
I had setuup a small lab with Cisco router to test lab...
in the attached file the configuration of the 2611 router... with is currently doing the NATTING between 2 others routers (a 2501 which is basically acting as a standart host, and 4500 routeur which is acting as a router on the Internet).
I used ping command to generate traffic between my 2501 and 4500 router. For testing I'm send my ping request to the interface connected to the 2611 on the wan side.
I had received some reply from 4500 on my 2501 router, but I also lost some of them, and I do not understand. With sniffer software placed between 2611 and 4500, I see ping request with source interface of my 2501 router but not NAT (in it's original state) when I see test on sniffer software I did not received reply on my 2501 for my ping request (that normal, but why something the IP address of my 2501 is not NAT and sometimes not ?)
I was defined my access-list on my 2611 as is to defined which traffic should be NAT :
ip access-list extended INTERNE
permit ip 192.168.2.0 0.0.0.255 any log
permit icmp 192.168.2.0 0.0.0.255 any log
deny ip any any log
deny icmp any any log
Because I do not defined very often access-list and to make sampler all test I had redefined the same access-list, but by defining each specific host in the LAN. I was look like working a little bit better, but it's do not always gave the intended behavior.
Also, I had done "show ip nat translation" I seen my NAT entry, I again later and I did not seen any entry. I was pass maybe 5 min. between I issued those command.
I had also done same test with 1605 router to doing NAT, but I do not received very better result, is possible for some one to help me ?
my 2611 router is currently running IOS : c2600-i-mz.122-8.T5.bin
my 1605 router is currenly running IOS : c1600-y-mz.122-26c.bin
Thanks a lot !
Solved! Go to Solution.
09-16-2010 04:08 AM
Hi,
The config looks normal to me.
Can you please enable "debug ip packet detail
Regards...
-Ashok.
09-16-2010 03:53 AM
Hi,
So you tested on 192.168.2.2, and ping 192.168.200.2? It sometimes works, sometimes doesnt?
Your IOS is very old; regarless that is a software defect or not, I think you should upgrade the code first.
HTH,
Lei Tian
09-16-2010 04:08 AM
Hi,
The config looks normal to me.
Can you please enable "debug ip packet detail
Regards...
-Ashok.
09-28-2010 07:39 PM
Hi !
for some reason I did not able to reproced the problem.....
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide