Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
227
Views
0
Helpful
2
Replies

Issue with NAT

willemvwyk
Level 1
Level 1

‎06-15-2007 01:38 PM - edited ‎03-03-2019 05:27 PM

Hello Everyone

I have the following issue regarding NAT. I have a client with a Cisco 1700 router. On this router there's a NAT pool 10.210.2.20 - 120/24. That's 100 WAN addresses being NAT'ed. The FE has an address of 192.168.0.200. The rest of the pc's and devices have ip's of 192.168.0.100.

The problem I am having is that the LAN at this specific site works fine when the users connect with their pc's to the mainframe in another city, many miles away. But when they request a printjob from the mainframe, they do not get the printjob. The mainframe ip is 196.37.10.1. The printer LAN ip is 192.168.0.110 which gets nat'ed to 10.210.2.39 when WAN devices need to communicate.

I also have to mention that this client's router is connected to a bigger router routerforcustomers, which has many other customer routers connecting to it.

I have enquired from the mainframe engineers and they say the print queue for the above printer show a lot of jobs pending, so the printer gets the requests. I then proceeded to ask the one mainframe engineer to trace from the mainframe to the printer ip to see what happens. The trace indicates that it times out on the routerforcustomers router. Yet when I ask the routerforcustomers router where it is routing the 10.210.2.39 ip it shows there is a static route for it down S0/2.10 which is the serial for this specific customer. So why can the router not pass things on to the customer router in order to get the printer to print the jobs? There are no access lists on any of the 2 routers mentioned to block things?

Please help.

Thank You

willemvw

Labels:
0 Helpful
2 Replies 2

a.cruea1980
Level 3
Level 3

‎06-15-2007 01:49 PM

Since you mentioned ACLs blocking, does the head router specifically allow that port through that's needed for the print job? Same with the 1700?

0 Helpful

willemvwyk
Level 1
Level 1
In response to a.cruea1980

‎06-17-2007 10:36 PM

Hi

I have the following ACL on the main router.

Extended IP access list 150

permit udp any eq domain any gt 1023

permit tcp host 196.10.137.1 eq telnet any

permit ip host 196.10.137.1 any

permit icmp host 196.10.137.1 any

Where 196.10.137.1 is the mainframe ip.

Applying this ACL to the interface on the main router for this customer, am I correct by saying that it must be applied as in on the main router's serial?

And on the customer's router, can I just have a normal acl on the router to allow traffic from the mainframe?

Thanks

wvw

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card