Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1078
Views
0
Helpful
2
Replies

Routing problems on cisco 2811(works as NAT server)

triviacisco
Level 1
Level 1

‎10-05-2010 12:49 AM - edited ‎03-06-2019 01:19 PM

Good day, Cisco experts.

I've got some problems in routing packets between two local networks(10.0.1.* and 10.0.2.*), i think that problem is related to NAT.

So could you, experts, give me advice in solving this problem.(tell me what should i read, or study, or what should i change in cisco 2811 configuration file and why for example)

Problem description:

Required to make following:

each network should see each other(10.0.1.* see 10.0.2.*, and 10.0.2.* see 10.0.1.*)

Now network 10.0.2.* sees 10.0.1.*, but network 10.0.1.* doesn't see 10.0.2.* network.

cisco 2811 configuration file:

interface FastEthernet0/0

description Internet

ip address IP_ADDRESS_AND_SUBNET_MASK _OUTSIDE

ip nat outside

duplex auto

speed auto

interface FastEthernet0/1

description $ES_LAN$

ip address 10.0.1.254 255.255.255.0

ip nat inside

duplex auto

speed auto

interface FastEthernet0/0/3

switchport access vlan 10

interface Vlan 10

ip address 10.0.2.254 255.255.255.0

ip nat inside source list NAT interface FastEthernet0/0 overload

ip nat inside source static tcp 10.0.1.100 80 IP_ADDRESS_OUTSIDE 80 route-map nonat extendable

ip nat inside source static tcp 10.0.1.100 443 IP_ADDRESS_OUTSIDE 443 route-map nonat extendable

ip nat inside source static tcp 10.0.1.100 3389 IP_ADDRESS_OUTSIDE 5101 route-map nonat extendable

ip nat inside source static tcp 10.0.1.100 3389 IP_ADDRESS_OUTSIDE 5102 route-map nonat extendable

ip access-list extended NAT

deny   ip 10.0.2.0 0.0.0.255 10.0.1.0 0.0.0.255

deny   ip 10.0.1.0 0.0.0.255 10.0.2.0 0.0.0.255

permit ip 10.0.1.0 0.0.0.255 any

route-map nonat permit 777

match ip address NAT

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0


On work stations and servers in networks 10.0.1.* and 10.0.2.* default gateway configuration are 10.0.1.254 10.0.2.254, respectively.

Labels:
0 Helpful
2 Replies 2

Jon Marshall
Hall of Fame
Hall of Fame

‎10-05-2010 09:36 AM

What vlan is 10.0.1.x allocated to. What device have you got connected to fa0/1and what device have you got connected to fa0/0/3 and what are their configurations ?

Jon

0 Helpful

Timothy Stewart
Cisco Employee
Cisco Employee

‎10-05-2010 10:18 AM

The configuration doesn't look like it should stop any communications between 10.0.2.0 and 10.0.1.0.  NAT should not take part in packets being routed between those two networks.  It should only be involved in packets between F0/1 and F0/0.    Just to be sure, I setup your configuration in the lab and had no problems with pinging between 10.0.1.0 and 10.0.2.0.  Pinging between 10.0.2.0 and the "Internet" resulted in NAT not being used (since nat inside is not configured on 10.0.2.0), whereas pinging between 10.0.1.0 and the "Internet" resulted in a dynamic translation.

Since you said traffic in one direction works (10.0.2.0 -> 10.0.1.0) but not in the other direction check the arp cache and routing (default route, etc) on the 10.0.1.0 devices.  If you disable ip nat inside on F0/1 does it resolve your problem (I wouldn't expect it to).

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card