
NAT not working on IOx on IR809 IOS Version 15.8(3)M4

2425896948
Level 1

I have configured IOS according to: Phase 3 – Configuring Cisco IOS to Enable Access to Cisco IOx - IOx - Document - Cisco DevNet

I connect my computer on G0 and can't ping the IOX guest-os in G2 and can't get into the 8443 web page of IOX local manager.

Here are my configurations:
ip dhcp pool gospool
network 192.168.20.0 255.255.255.0
default-router 192.168.20.254
domain-name gos.com
dns-server 8.8.8.8
option 42 ip 128.138.140.44
remember
!
ip dhcp pool hostpool
network 192.168.10.0 255.255.255.0
default-router 192.168.10.254
dns-server 8.8.8.8
option 42 ip 128.138.140.44
domain-name gos.com
remember


interface GigabitEthernet0
ip address 192.168.10.254 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
ipv6 enable

 

interface GigabitEthernet2
ip address 192.168.20.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
ipv6 enable

 

router rip
version 2
network 192.168.10.0
network 192.168.20.0
no auto-summary
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0 overload
ip nat inside source list NAT_ACL interface GigabitEthernet0 overload
ip nat inside source static tcp 192.168.20.1 22 interface GigabitEthernet0 2222
ip nat inside source static tcp 192.168.20.1 8443 interface GigabitEthernet0 8443
!
ip access-list standard NAT_ACL
permit 192.0.0.0 0.255.255.255

 

 

However, my host computer (192.168.10.1) can ping G2 (192.168.20.254) but not guest-os (192.168.20.1) and I don't know why. I guess it's because of the NAT configuration:

IR800#show ip nat trans
Pro Inside global          Inside local        Outside local  Outside global
tcp 192.168.10.254:2222    192.168.20.1:22     ---            ---
tcp 192.168.10.254:8443    192.168.20.1:8443   ---            ---

 

Any advice would be appreciated, thanks!

balaji.bandi
Hall of Fame

First I would like to test a simple NAT rule example:

 

ip nat inside source list 1 interface GigabitEthernet0 overload
no ip nat inside source list NAT_ACL interface GigabitEthernet0 overload

no ip access-list standard NAT_ACL

access-list 1 permit 192.168.20.0 0.0.0.255

 

Since you know the IP address (it's not a DHCP outside interface), you can do as below:

 

no ip nat inside source static tcp 192.168.20.1 22 interface GigabitEthernet0 2222
no ip nat inside source static tcp 192.168.20.1 8443 interface GigabitEthernet0 8443

 

ip nat inside source static tcp 192.168.20.1 22 192.168.10.254 2222
ip nat inside source static tcp 192.168.20.1 8443 192.168.10.254 8443

 

Note: we do not know what your network diagram looks like, so this is based on the information. There is no routing or static route involved, so you are running RIP here (we do not have visibility of that information).

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Thanks a lot for your advice man! But I still can't ping guest-os from my host computer.

For my network diagram, I was supposed to use G0 to connect INTERNET, G1 for host computer and G2 for guest os.

Now I'm just testing whether I can get into IOX local manager so I connect my host computer on G0.

 

I have changed my configuration according to your advice, my host computer can ping the gateway of guest os (192.168.20.254) but can't ping guest os itself (192.168.20.1)

 

Now my NAT configuration is like this:

ip nat inside source list 1 interface GigabitEthernet0 overload
ip nat inside source static tcp 192.168.20.1 22 192.168.10.254 2222 extendable
ip nat inside source static tcp 192.168.20.1 8443 192.168.10.254 8443 extendable
!
access-list 1 permit 192.168.20.0 0.0.0.255

For my network diagram, I was supposed to use G0 to connect INTERNET, G1 for host computer and G2 for guest os.

As per the information you have posted, there are only 2 interface configs. If you are looking for more help, please post the complete configuration and your network diagram (where is that?)

 

show run 

 

I have changed my configuration according to your advice, my host computer can ping the gateway of guest os (192.168.20.254) but can't ping guest os itself (192.168.20.1)

What is the guest OS? If you are able to ping from host to gateway, that is working; if not able to ping the guest OS, then we need to know what the OS is. What container is that?

 

#show iox host list detail

 

Follow the guide below:

 

https://developer.cisco.com/docs/iox/#!ir-800-series-platform-information/ir8xx-platforms

 

BB


ip nat inside source list 1 interface GigabitEthernet0 overload <- this needs to be deleted because there is the same NAT with a different list below it.

 

 

ip access-list standard NAT_ACL
permit 192.0.0.0 0.255.255.255 <- before this you need to deny static NAT (for this point please check the link I attach below).

Thanks a lot! But I'm afraid I'm not following you.

Could you please be more specific? I'm not really familiar with this.

Now I can ping the G2 interface (192.168.20.254) but can't ping the guest os (192.168.20.1) under it.

ip nat inside source list 1 interface GigabitEthernet0 overload <- this must be deleted since you have another overload NAT
ip nat inside source list NAT_ACL interface GigabitEthernet0 overload
ip nat inside source static tcp 192.168.20.1 22 interface GigabitEthernet0 2222
ip nat inside source static tcp 192.168.20.1 8443 interface GigabitEthernet0 8443
!
ip access-list extended NAT_ACL
 permit ip 192.168.20.0 0.255.255.255 any <- I re-arranged this ACL for NAT
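
A small lint for the NAT and ACL lines discussed in this thread, added here as an example and not part of any post: it flags dynamic NAT rules that reference an access list absent from the pasted lines, lists the inside ports published by static NAT (here SSH and the IOx Local Manager port 8443), and reports ACL entries whose wildcard mask covers more than a /24. The `audit` and `wildcard_match` helpers and the 256-address threshold are assumptions of this example; the input is the NAT and ACL portion of the configuration from the first post.

```python
import ipaddress
import re

# Constructed input: the NAT and ACL lines from the first post's configuration.
CONFIG = """\
ip nat inside source list 1 interface GigabitEthernet0 overload
ip nat inside source list NAT_ACL interface GigabitEthernet0 overload
ip nat inside source static tcp 192.168.20.1 22 interface GigabitEthernet0 2222
ip nat inside source static tcp 192.168.20.1 8443 interface GigabitEthernet0 8443
!
ip access-list standard NAT_ACL
permit 192.0.0.0 0.255.255.255
"""

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: bits set to 1 are ignored when comparing."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def audit(config, max_hosts=256):
    """Hypothetical helper: lint NAT rules against ACLs defined in the same text."""
    refs, acls, published, current = [], {}, [], None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"ip nat inside source list (\S+)", line):
            refs.append(m.group(1))          # ACL used by a dynamic (overload) rule
        elif m := re.match(r"ip nat inside source static (?:tcp|udp) (\S+) (\d+) "
                           r"(?:interface )?\S+ (\d+)", line):
            # (inside host, inside port, port exposed on the outside address)
            published.append((m.group(1), int(m.group(2)), int(m.group(3))))
        elif m := re.match(r"ip access-list standard (\S+)", line):
            current = m.group(1)
            acls.setdefault(current, [])
        elif m := re.match(r"(?:access-list (\S+) )?permit ([\d.]+) ([\d.]+)$", line):
            acls.setdefault(m.group(1) or current, []).append((m.group(2), m.group(3)))
    # Each wildcard bit set to 1 doubles the number of addresses an entry matches.
    broad = [(name, base, wc, 2 ** bin(to_int(wc)).count("1"))
             for name, entries in acls.items() for base, wc in entries
             if 2 ** bin(to_int(wc)).count("1") > max_hosts]
    return {"undefined_acls": [r for r in refs if r not in acls],
            "published": published, "broad_entries": broad}

if __name__ == "__main__":
    for key, value in audit(CONFIG).items():
        print(key, value)
```
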
