Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
327
Views
0
Helpful
1
Replies

NAT problem? can not reach outside server

charles1999hk
Level 1
Level 1

‎03-10-2011 09:52 PM - edited ‎03-06-2019 04:02 PM

Hi expert,

I have a problem currently with a problem of unable to connect to the outside server.

I am wondering wonder it is caused by a static NAT.

I tried to delete the specific static NAT and the problem seems fixed. But for some resons, I can not delete it.

Let me explain more about my network configuration.

I am using a PC, with the IP address of 192.168.0.100. what I want to do is to connet the server in outside with a specific port. let say 203.1.1.4:7234.

There is a PIX place between my PC and the ISP network modem, suppose there are some switches between my PC to the PIX, but never mind them coz no more setting there excoet the VLAN, and I think it is not the cause to my problem.

There is a static nat affecting my connection and I would like to know how to workaround it.

the static nat is to map the PC's IP 192.168.0.100 to a public ip, let say 76.10.20.22 from the outside to inside interface.

one more thing need to mention is, in the PIX, I have a default route to route all traffic to 76.10.20.21 for the outgoing traffic.

the static nat is here:

static (inside,outside) 76.10.20.22 192.168.0.100 netmask 255.255.255.255 0 0

when I telnet the 203.1.1.4 port 7234, it is not working.

however, when I delete the static NAT mentioned above, I can telnet the 203.1.1.4 port 7234.

When the PC make the connection to 203.1.1.4, suppose it uses the 76.10.20.21 right? i think the NAT is not affect my outgoing traffic, it just having effect to my incoming traffic such as which outside server connect to the ip 76.10.20.22, it will translate to my PC, right?

am my concept right?

for the above problem, any other good suggestion,

thanks very much

Charles

Labels:
0 Helpful
1 Reply 1

Haris P
Level 4
Level 4

‎03-14-2011 10:57 AM

static (inside,outside) 76.10.20.22 192.168.0.100 netmask 255.255.255.255 will nat  local ip 192.168.0.100 to public ip 76.10.20.22

Also this static nat will automatically exempt your dynamic pool .So you will be using the souce ip 76.10.20.22  when connecting to the outside server.

And with your config. I dont see any problem . But make sure about your ACL and the access is given for telnet to 203.1.1.4:7234.

Also just clear xlate before trying to telnet the remote ip

Regards

haris

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card