04-13-2007 11:37 AM - edited 03-03-2019 04:32 PM
Hi!
Very simple configuration but it doesn't work.
I've configured a 2811 router to NAT packets from different hosts that arrive from interface fa 0/0.200 (subinterface for VLAN200) via static NAT.
Packets arrive from fa 0/0.200 but NAT doesn't create entries for some of them.
These packets go directly by routing. I can see these packets in the OUT access-list bound to the outbound interface.
I think that the root of the issue is misconfiguration but I couldn't find it.
Here is part of my config
---------------Static NAT---------------
ip nat inside source static tcp 10.0.32.93 3000 10.251.1.29 3000 extendable
ip nat inside source static tcp 10.0.32.94 3000 10.251.1.30 3000 extendable
ip nat inside source static tcp 10.0.32.125 3000 10.251.1.31 3000 extendable
------------------INBOUND INTERFACE-----------------
interface FastEthernet0/0.200
description TO-LOT-OF-INTERNAL-HOSTS-THAT-MUST-BE-NATED
encapsulation dot1Q 200
ip address 172.22.0.101 255.255.255.252
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1200
ip ospf message-digest-key 200 md5 7 XXX
ip ospf network non-broadcast
no snmp trap link-status
no cdp enable
end
---------------OUTBOUND INTERFACE---------------
interface Vlan3
description OUTSIDE-NATED-PACKETS-MUST-ENCRYPT-AND-GO-TO-REMOTE DESTINATION
ip address X.X.X.Z 255.255.255.252
ip nat outside
ip virtual-reassembly
crypto map TO-REMOTE
end
---------------ROUTING---------------
ip route 10.1.15.0 255.255.255.0 IPADDR 240 tag 333 name REMOTE-DEST
04-14-2007 10:21 AM
Hi,
Is it possible for you to show the rest of your config? If the config you have given is your complete NAT config, then you are missing a fundamental component.
The commands 'ip nat inside source static tcp ...' only allow static NATs for external hosts getting access to servers 'inside' the NAT boundary.
You will need to specify the subnet range or ranges that need to be natted.
Try:
ip nat inside source list 1 interface vlan 3 overload
!
access-list 1 permit 172.16.0.0 0.0.0.255
If this does not work, again provide a complete config, expected subnet to be natted and destination/outbound port.
Thanks
Stephen
04-14-2007 07:26 PM
This type of configuration is typically for an outside to inside communication. For example a server internally on your network that you would like accessible by an outside network.
You'll only see your NAT work in the following two scenarios.
1) A packet arrives on the interface marked nat outside with an IP packet destined to 10.251.1.29 on TCP port 3000. The router will translate the destination IP header to 10.0.32.93 and destination TCP port 3000.
2) A packet arrives on the interface marked nat inside with an IP packet sourced by 10.0.32.93 and source TCP port 3000. The router will translate the source IP to 10.251.1.29 and source TCP port to 3000.
This same behavior applies to your other two statements as well.
What are you trying to accomplish?
Daniel
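Added example (not part of the original replies and not Cisco's implementation): a simplified Python model of the two matching scenarios described in the reply above, applied to the three static entries from the question. The destination 10.1.15.10 and the ports 40000 and 51515 are constructed sample values; the second sample shows that an inside packet whose source port is not 3000 matches no static entry and is therefore forwarded untranslated.

```python
import ipaddress
from typing import NamedTuple, Optional

# Static port-NAT statements copied from the original post.
CONFIG = """\
ip nat inside source static tcp 10.0.32.93 3000 10.251.1.29 3000 extendable
ip nat inside source static tcp 10.0.32.94 3000 10.251.1.30 3000 extendable
ip nat inside source static tcp 10.0.32.125 3000 10.251.1.31 3000 extendable
"""

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

def parse_static(config: str) -> list:
    """Return (local_ip, local_port, global_ip, global_port) per static TCP entry."""
    entries = []
    for line in config.splitlines():
        tok = line.split()
        if tok[:6] == ["ip", "nat", "inside", "source", "static", "tcp"]:
            lip, lport, gip, gport = tok[6:10]
            for ip in (lip, gip):
                ipaddress.ip_address(ip)  # raises ValueError on a malformed address
            entries.append((lip, int(lport), gip, int(gport)))
    return entries

def translate(pkt: Packet, arrived_on: str, entries) -> Optional[Packet]:
    """Apply the first matching static entry; None means no static entry matched."""
    for lip, lport, gip, gport in entries:
        # Inside -> outside: source IP AND source port must equal the local pair.
        if arrived_on == "inside" and (pkt.src, pkt.sport) == (lip, lport):
            return pkt._replace(src=gip, sport=gport)
        # Outside -> inside: destination IP AND port must equal the global pair.
        if arrived_on == "outside" and (pkt.dst, pkt.dport) == (gip, gport):
            return pkt._replace(dst=lip, dport=lport)
    return None

ENTRIES = parse_static(CONFIG)

if __name__ == "__main__":
    samples = [  # constructed sample packets
        ("inside", Packet("10.0.32.93", 3000, "10.1.15.10", 40000)),    # scenario 2
        ("inside", Packet("10.0.32.93", 51515, "10.1.15.10", 3000)),    # source port is not 3000
        ("outside", Packet("10.1.15.10", 40000, "10.251.1.29", 3000)),  # scenario 1
    ]
    for side, pkt in samples:
        print(side, pkt, "->", translate(pkt, side, ENTRIES))
```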