02-29-2008 02:43 AM - edited 03-05-2019 09:27 PM
IOS V12.4(4)T8
Cisco 851W
This router is in a 192.168.5.0 private network, it is used to VPN tunnel to another private network. Its WAN interface is on the 192.165.5.0 network and its wireless/lan is in the 10.119.103.0 network.
The problem I am trying to solve was allowing a host in the 192.168.5.0 network RDP (port 3389) access to the hosts in the 10.119.103.0 network which isnt working due to nat.
If I open 3389 on the wan interface and then disable nat using:
conf t
interface BVI2
no ip nat inside
exit
copy run start
It all works, until I reboot the router. Even though I saved the config, when the router comes back up it starts natting again (even though the config does not include any ip nat commands).
I have to manually run the no ip nat inside command again on BVI2.
How can I permenantly disable NAT?
Is it because I still have ip inspect commands in the config?
03-06-2008 09:09 AM
Issue the clear ip nat translation command and then replacing the NAT configuration quickly, before any new NAT entries are populated into the translation table due to active NAT traffic.
03-06-2008 11:24 AM
The problem is happening after a reboot, its ok when I first turn off nat, its after a reboot that it comes back, for example
AustinF#clear ip nat trans *
AustinF#sh ip nat trans
AustinF#conf t
Enter configuration commands, one per line. End with CNTL/Z.
AustinF(config)#int bvi2
AustinF(config-if)#no ip nat inside
AustinF(config-if)#exit
AustinF(config)#exit
AustinF#copy run start
Destination filename [startup-config]?
Building configuration...
[OK]
AustinF#sh ip nat trans
AustinF#reload
wait for reboot, log back in to the router, and nat is enabled again
AustinF#sh ip nat trans
Pro Inside global Inside local Outside local Outside global
tcp 192.168.5.168:1602 10.119.103.3:1602 64.156.132.140:80 64.156.132.140:80
tcp 192.168.5.168:1603 10.119.103.3:1603 64.156.132.140:80 64.156.132.140:80
tcp 192.168.5.168:1604 10.119.103.3:1604 64.156.132.140:80 64.156.132.140:80
tcp 192.168.5.168:1605 10.119.103.3:1605 64.156.132.140:80 64.156.132.140:80
tcp 192.168.5.168:1608 10.119.103.3:1608 64.156.132.140:80 64.156.132.140:80
tcp 192.168.5.168:1609 10.119.103.3:1609 64.156.132.140:80 64.156.132.140:80
tcp 192.168.5.168:1610 10.119.103.3:1610 64.156.132.140:80 64.156.132.140:80
tcp 192.168.5.168:1611 10.119.103.3:1611 64.156.132.140:80 64.156.132.140:80
tcp 192.168.5.168:1612 10.119.103.3:1612 64.156.132.140:80 64.156.132.140:80
udp 192.168.5.168:1693 10.119.103.3:1693 85.189.102.5:53 85.189.102.5:53
tcp 192.168.5.168:3389 10.119.103.3:3389 192.168.5.170:3208 192.168.5.170:3208
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide