NAT; Unable to translate destination IP Address ?

adrienbomble · ‎03-28-2012

Hello guys,

I have an issue trying to configure NAT as described on the diagram below:

- Host A must use IP 10.100.117.253 to communicate with Host B

- Host B must use IP 172.16.3.10 to communicate with Host A

I managed to translate source IP address (ip nat inside source static 10.100.10.11 172.16.3.10) but i am unable to translate destination IP !

I have tried:

ip nat pool pool1 10.100.117.253 10.100.117.253 netmask 255.255.255.0

ip nat outside source list list 1 pool pool1

access-list 1 permit 172.16.2.10

... But it doesn't work, and when i do a sh ip nat translations, i can only see the static translation.

Pro Inside Global Inside local Outside local Outside global

--- 172.16.3.10 10.100.10.11 --- ---

I have also tried:

ip nat outside source static 172.16.2.10 10.100.117.253

Pro Inside Global Inside local Outside local Outside global

--- --- 10.100.117.253 172.16.2.10

--- 172.16.3.10 10.100.10.11 --- ---

When i ping from Host A to Host B (ping 10.100.117.253), i have an icmp reply but it comes from Router2 and not from Host B... Actually, it works even if Host B is down ; )) !

Could you have any ideas about this ? Any help is very welcome ; )

Thanks in advance,

Adrien

John Blakley · ‎03-28-2012

Does Router3 know how to get back to the 10.100 subnet?

HTH, John *** Please rate all useful posts ***

adrienbomble · ‎03-28-2012

Hello J.Blakley,

Thanks for your answer.

Yes, R3 knows how to get back to 10.100 subnet. I have defined static routes on all routers.

John Blakley · ‎03-28-2012

Okay..I labbed this up and I don't have a problem with it. The way that I have it configured is with statics only though.

According to your requirements, here's how I configured it:

Host A must use IP 10.100.17.25 to communicate with Host B

Host B must use IP 172.16.3.10 to communicate with Host A

ip nat inside source static 10.100.10.11 10.100.17.253

ip nat outside source static 172.16.2.10 172.16.3.10

I didn't have any problems. Are you in the position to run a debug? You can create an access-list that matches on the source addresses to the destination and then apply that to "debug ip packet". It will be able to tell you where it's failing. You could also post the config for R2 because the host requirements that you posted don't exactly match up to what your nat statements say...

HTH, John *** Please rate all useful posts ***

adrienbomble · ‎03-28-2012

Hello,

Thanks for your reply. I have also labbed this... but using GNS3 and not real devices. Maybe the strange behaviour i have comes from GNS3 network simulator ? Then you're right about the host requirements i posted on my first message, there was a mistake. I have edited it and corrected it.

Finally, here are the routers configurations;

----------------------------------------------------------

R1:

interface FastEthernet0/0

ip address 10.100.117.254 255.255.255.0

ip nat inside

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 172.16.3.1 255.255.255.0

ip nat outside

duplex auto

speed auto

!

ip classless

ip route 10.100.10.0 255.255.255.0 10.100.117.1

ip route 172.16.2.0 255.255.255.0 172.16.3.254

!

ip http server

!

ip nat inside source static 10.100.10.11 172.16.3.10

ip nat outside source static 172.16.2.10 10.100.117.253

!

----------------------------------------------------------

R2:

!

interface FastEthernet0/0

ip address 10.100.10.254 255.255.255.0

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 10.100.117.1 255.255.255.0

duplex auto

speed auto

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.100.117.254

!

----------------------------------------------------------

R3:

interface FastEthernet0/0

ip address 172.16.2.254 255.255.255.0

shutdown

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 172.16.3.254 255.255.255.0

duplex auto

speed auto

!

ip classless

ip route 0.0.0.0 0.0.0.0 172.16.3.1

---------------------------------------------------------------------------------

Best Regards,

John Blakley · ‎03-29-2012

Adrien,

Your configs show that you have nat configured on R1 instead of R2. Is that the case? Since this is a lab, can you run "debug ip packet" when you're ping from each side. To make it clearer to read, ping like this:

ping rep 1

Then post those lines here.

HTH, John *** Please rate all useful posts ***

adrienbomble · ‎03-29-2012

Yes, i am sorry R2 and R1 router have been mismatched in my message;

----------------------------------------------------------

R2:

interface FastEthernet0/0

ip address 10.100.117.254 255.255.255.0

ip nat inside

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 172.16.3.1 255.255.255.0

ip nat outside

duplex auto

speed auto

!

ip classless

ip route 10.100.10.0 255.255.255.0 10.100.117.1

ip route 172.16.2.0 255.255.255.0 172.16.3.254

!

ip http server

!

ip nat inside source static 10.100.10.11 172.16.3.10

ip nat outside source static 172.16.2.10 10.100.117.253

!

----------------------------------------------------------

R1:

!

interface FastEthernet0/0

ip address 10.100.10.254 255.255.255.0

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 10.100.117.1 255.255.255.0

duplex auto

speed auto

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.100.117.254

!

----------------------------------------------------------

R3:

interface FastEthernet0/0

ip address 172.16.2.254 255.255.255.0

shutdown

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 172.16.3.254 255.255.255.0

duplex auto

speed auto

!

ip classless

ip route 0.0.0.0 0.0.0.0 172.16.3.1

---------------------------------------------------------------------------------

I do your ping test asap and let you know...

Best Regards,