I have a 2901 router and I am getting the strangest ping results from a NATed IP address on my DMZ. I am about at my wits' end and would appreciate any help.
Pinging 192.168.12.140 with 32 bytes of data:
Reply from 220.127.116.11: bytes=32 time=1ms TTL=126
Reply from 18.104.22.168: bytes=32 time=1ms TTL=126
Reply from 22.214.171.124: bytes=32 time=1ms TTL=126
Reply from 126.96.36.199: bytes=32 time=1ms TTL=126

Ping statistics for 192.168.12.140:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 1ms, Average = 1ms
I have a
Relevant config from 2901 router:
 ip address 192.168.254.2 255.255.255.248
 ip nat outside
 ip virtual-reassembly in
 no ip route-cache
interface GigabitEthernet0/1.12
 description Primary DMZ
 encapsulation dot1Q 12
 ip address 192.168.12.1 255.255.255.0
 ip nat inside
 ip inspect Inspect_1 in
 ip inspect Inspect_1 out
 ip virtual-reassembly in
 no ip route-cache
interface GigabitEthernet0/1.66
 description Public
 encapsulation dot1Q 66
 ip address 188.8.131.52 255.255.255.240
 ip access-group Public_Access in
 ip inspect Inspect_1 in
 ip inspect Inspect_1 out
 ip virtual-reassembly in
 no ip route-cache
ip nat inside source static 192.168.12.140 184.108.40.206
This behaviour is correct following your configuration.
You have declared interface GigabitEthernet0/1.12 "NAT inside" and the interface Vlan254 "NAT outside".
If you send a ping from 192.168.1.x to 192.168.12.140, the reply ingresses the 2901 from the "INSIDE" and egresses from the "OUTSIDE". This causes the router to apply the rule "ip nat inside source static 192.168.12.140 220.127.116.11", and this is the IP that you see in your console; it's correct.
Maybe the correct configuration for your scenario (I don't know what you want with it) is to declare the interface GigabitEthernet0/1.12 as "NAT outside", not the interface Vlan254.
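The translation described in the answer above can be reproduced with a small model. This is an added example, not part of the original thread and not Cisco code: it reduces IOS NAT to a check of the ingress and egress NAT roles, and it assumes a constructed pinging host 192.168.1.10 that reaches the router via Vlan254.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

class NatRouter:
    """Simplified model: translate only when a packet crosses inside<->outside."""

    def __init__(self, roles, static_map):
        self.roles = roles                        # interface -> "inside" / "outside"
        self.local_to_global = dict(static_map)   # ip nat inside source static L G
        self.global_to_local = {g: l for l, g in static_map.items()}

    def forward(self, pkt, in_if, out_if):
        r_in, r_out = self.roles.get(in_if), self.roles.get(out_if)
        if (r_in, r_out) == ("inside", "outside") and pkt.src in self.local_to_global:
            return replace(pkt, src=self.local_to_global[pkt.src])
        if (r_in, r_out) == ("outside", "inside") and pkt.dst in self.global_to_local:
            return replace(pkt, dst=self.global_to_local[pkt.dst])
        return pkt

def reply_source_seen(router, client, client_if, server, server_if):
    """Source address the pinging host sees in the echo reply."""
    request = router.forward(Packet(client, server), client_if, server_if)
    reply = router.forward(Packet(request.dst, request.src), server_if, client_if)
    return reply.src

STATIC = {"192.168.12.140": "184.108.40.206"}     # static entry from the posted config
CLIENT = "192.168.1.10"                           # constructed host in 192.168.1.x

# Roles as posted: DMZ subinterface is NAT inside, Vlan254 is NAT outside.
AS_POSTED = NatRouter({"Gi0/1.12": "inside", "Vlan254": "outside"}, STATIC)
# Roles as the answer suggests: Gi0/1.12 is NAT outside, Vlan254 has no NAT role.
AS_SUGGESTED = NatRouter({"Gi0/1.12": "outside"}, STATIC)

def demo():
    args = (CLIENT, "Vlan254", "192.168.12.140", "Gi0/1.12")
    return reply_source_seen(AS_POSTED, *args), reply_source_seen(AS_SUGGESTED, *args)

if __name__ == "__main__":
    posted, suggested = demo()
    print("as posted:   ", posted)      # reply source rewritten to the global address
    print("as suggested:", suggested)   # reply source stays the DMZ address
```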