06-15-2007 01:38 PM - edited 03-03-2019 05:27 PM
Hello Everyone
I have the following issue regarding NAT. I have a client with a Cisco 1700 router. On this router there's a NAT pool 10.210.2.20 - 120/24. That's 100 WAN addresses being NAT'ed. The FE has an address of 192.168.0.200. The rest of the PCs and devices have IPs of 192.168.0.100.
The problem I am having is that the LAN at this specific site works fine when the users connect with their PCs to the mainframe in another city, many miles away. But when they request a print job from the mainframe, they do not get the print job. The mainframe IP is 196.37.10.1. The printer LAN IP is 192.168.0.110, which gets NAT'ed to 10.210.2.39 when WAN devices need to communicate.
I also have to mention that this client's router is connected to a bigger router routerforcustomers, which has many other customer routers connecting to it.
I have enquired from the mainframe engineers and they say the print queue for the above printer shows a lot of jobs pending, so the printer gets the requests. I then proceeded to ask one of the mainframe engineers to trace from the mainframe to the printer IP to see what happens. The trace indicates that it times out on the routerforcustomers router. Yet when I ask the routerforcustomers router where it is routing the 10.210.2.39 IP, it shows there is a static route for it down S0/2.10, which is the serial for this specific customer. So why can the router not pass things on to the customer router in order to get the printer to print the jobs? There are no access lists on either of the 2 routers mentioned to block things?
Please help.
Thank You
willemvw
06-15-2007 01:49 PM
Since you mentioned ACLs blocking, does the head router specifically allow that port through that's needed for the print job? Same with the 1700?
06-17-2007 10:36 PM
Hi
I have the following ACL on the main router.
Extended IP access list 150
permit udp any eq domain any gt 1023
permit tcp host 196.10.137.1 eq telnet any
permit ip host 196.10.137.1 any
permit icmp host 196.10.137.1 any
Where 196.10.137.1 is the mainframe IP.
Applying this ACL to the interface on the main router for this customer, am I correct in saying that it must be applied as in on the main router's serial?
And on the customer's router, can I just have a normal ACL on the router to allow traffic from the mainframe?
Thanks
wvw