Hi, I'm searching for a solution for NAT translation when a host is down. Let's say I have a host that has a forwarding from the internet with ip NAT inside source static 1.1.1.1 10.1.1.1. When this host is down, the traffic actually needs to go to 10.1.1.2. Now we need to adjust the NAT manually. Is there a way with route maps and SLA to automate this? Sent from Cisco Technical Support iPhone App
It depends on what kind of switches you use. If you have a switch that supports VLANs, you need to configure the port that is attached to the RV180 as a trunk port. On the RV180 you use only one physical interface with multiple sub interfaces (page 36) to allow interVLAN communication. Sent from Cisco Technical Support iPhone App
Hello, For one of our customers we are going to do some services. Included in these services is a SIP connection to intercom systems. The destination of the intercom is 10.77.24.10/29, which is connected with a leased line to our office. At our office we have a switch that's in the subnet 10.77.25.161/29. When I connect a PC directly to the switch and give the PC, for example, the IP address 10.77.25.163, I succeed in making a SIP connection. Now we connect the switch to our outside network, which is connected to our corporate firewall (Cisco ASA5540). Behind the ASA we have a user network which is 10.150.31.0/24. In the user network we have the same PC that needs to connect to 10.77.24.10/29 with the address 10.150.31.108/24. As we need to reach our client with an address that is located in the subnet 10.77.25.161/29, I will do an identity NAT and I will translate 10.150.31.108 to 10.77.25.163. So all the traffic will go out as 10.77.25.163 to the IP address 10.77.24.10. Now the problem is that when we are connected with the ASA in the middle I only send data to the customer, but I don't receive any data back. When I look with Wireshark I see a SIP REGISTER and a SIP INVITE message. On the ASA there is a service policy active with an inspect for SIP traffic. I've read on the internet that the source IP address is embedded in the SIP packet. Could the problem be that the IP address isn't adjusted by the service policy, and is that also the reason why I don't get data back? Sent from Cisco Technical Support iPhone App
I don't think this is a problem in your ASA. There could be multiple problems. When I see this error message, you've got a problem with DNS. When you do an nslookup on the Exchange server for the domain Cisco.com, do you get a result? Sent from Cisco Technical Support iPhone App
I've solved this problem myself. The last test I did, the rest of the addresses didn't come through, so I thought let's reboot the 817 router. After the reboot of the Cisco 817 router all the addresses were forwarded to my firewall.
I want to add a second subnet to the existing tunnel, but the customer wants to use a different encryption method on phase 2. Sorry for my knowledge. I'm just new to networking. Sent from Cisco Technical Support iPad App
With a customer we have a site-to-site VPN connection. In this tunnel there is one subnet routed with a 3des-sha encryption / hash. Now they want to add a new subnet in this tunnel, but with an AES-128 / MD5 encryption / hash. Is it correct if we make a new crypto map with a higher seq. number? Sent from Cisco Technical Support iPad App
Hi, I'm currently working on an expansion of our network. The situation now is that we have one ADSL modem for the users in the network and 1 BDSL for our servers. Both have a separate gateway and now I want to reduce that to one gateway, because we are going to work with VLANs. Now we have a Cisco 817 (managed by ISP) that is connected to the outside port of our Cisco PIX. The router has the xxx.xxx.xxx.1/29 address and the outside interface of the firewall has the xxx.xxx.xxx.2/29 address. At this moment I make PAT with xxx.xxx.xxx.2 till xxx.xxx.xxx.6 and everything is working fine. In the new situation I'm testing, the Cisco 817 is connected to a Cisco 1812 fa0/0 and the ADSL modem is connected to the same Cisco 1812 on the fa0/1 int. After that the fa0/2 from the 1812 is connected with vlan 1 to the outside interface of the firewall. I've made policy based routing for the outgoing traffic and that's all working fine. I also need to do the PAT on the Cisco 1812 and here is the problem. On the fa0/0 int the IP address xxx.xxx.xxx.2/29 is configured and when I do a PAT on that address everything goes to the firewall, but when I use .2 or .3 for example I don't get any traffic on my firewall. I'm pretty new to the Cisco routers, maybe I've made a fault in the configuration. Maybe you guys can see what I'm doing wrong or have some debugging tips. Here is the configuration:

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname nldhrtroutside
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
!
aaa new-model
!
!
!
aaa session-id common
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
!
!
ip cef
!
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
!
interface FastEthernet0
 description xs4all_bdsl
 ip address xxx.xxx.xxx.2 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet1
 description xs4all_adsl
 ip address 192.168.20.2 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet2
 description outside_netwrok
!
interface FastEthernet3
!
interface FastEthernet4
 shutdown
!
interface FastEthernet5
 shutdown
!
interface FastEthernet6
 shutdown
!
interface FastEthernet7
 shutdown
!
interface FastEthernet8
 shutdown
!
interface FastEthernet9
 shutdown
!
interface Vlan1
 description outside_network
 ip address 10.10.20.1 255.255.255.248
 ip nat inside
 ip virtual-reassembly
 ip policy route-map PBR
!
interface Async1
 no ip address
 encapsulation slip
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.20.1
ip route 192.168.1.0 255.255.255.0 10.10.20.3
!
!
no ip http server
no ip http secure-server
ip nat inside source route-map ADSL interface FastEthernet1 overload
ip nat inside source route-map BDSL interface FastEthernet0 overload
ip nat inside source static tcp 192.168.1.21 80 xxx.xxx.xxx.2 80 extendable
ip nat inside source static tcp 192.168.1.21 80 xxx.xxx.xxx.3 80 extendable
!
access-list 10 permit 192.168.1.21
access-list 10 permit 192.168.1.22
access-list 20 permit 192.168.1.0 0.0.0.255
snmp-server community public RO
!
route-map BDSL permit 10
 match ip address 10
 match interface FastEthernet0
!
route-map ADSL permit 20
 match ip address 20
 match interface FastEthernet1
!
route-map PBR permit 10
 match ip address 10
 set interface FastEthernet0
 set ip next-hop xxx.xxx.xxx.1
!
route-map PBR permit 20
 match ip address 20
 set interface FastEthernet1
 set ip next-hop 192.168.20.1
!
!
!
!
control-plane
!
!
line con 0
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
line vty 0 4
 password *
 transport input ssh
!
no scheduler allocate
end