Strange NAT issue


Quick summary of a problem: I have a Cisco PIX 515 that I am eliminating from the environment. We purchased a Cisco 2851 router with a HWIC Fast Ethernet card for a DMZ. The issue is, when I set up NAT, everything works EXCEPT outside connections coming inbound. I set up basic static mappings; however, when I use an IP address in our block of IPs that was not previously configured, it works. It's as if something is still holding those old IPs. We physically turned off the PIX, rebooted the routers, ISP connection... same issue.

interface gigabit 0/0
 description TWC Internet - OUTSIDE
 ip address xxx.xxx.204.50 255.255.255.224
 ip nat outside
 no shut
!
interface gigabit 0/1
 description Network 192.100.100.0 - INSIDE
 ip address 192.100.100.1 255.255.255.0
 ip nat inside
 no shut
!
interface fastethernet 0/2/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 no shut
!
ip route outside 0.0.0.0 0.0.0.0 xxx.xxx.204.33
!
ip nat inside source list NONAT-NAT interface gigabit 0/0 overload
ip nat inside source static 192.168.1.3 xxx.xxx.204.35
ip nat inside source static 192.168.1.2 xxx.xxx.204.36
ip nat inside source static 192.100.100.8 xxx.xxx.204.37
ip nat inside source static 192.100.100.22 xxx.xxx.204.38
ip nat inside source static 192.100.100.53 xxx.xxx.204.39
ip nat inside source static 192.100.1.7 xxx.xxx.204.40
!
ip access-list extended NONAT-NAT
 deny ip 192.100.100.0 0.0.0.255 192.168.150.0 0.0.0.255
 deny ip 192.168.1.0 0.0.0.255 192.168.150.0 0.0.0.255
 deny ip 192.168.1.0 0.0.0.255 10.13.1.0 0.0.0.255
 deny ip 192.100.100.0 0.0.0.255 10.13.1.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any
 permit ip 192.100.100.0 0.0.0.255 any

milan.kulik Tue, 11/20/2007 - 04:33

Hi,

I'd guess rebooting the cable modem might not be enough.

What kind of device is it exactly?

Is there a router (L3 device) inside?

I can imagine if it were only L2, there might be an ARP cache still not cleared on the remote ISP router containing your PIX MAC address.

But the default ARP cache timer is 4 hours.

Have you tried to replace the PIX in the evening and test if the router works next morning?

BR,

Milan

Well, I guess I could convince them to try this. TimeWarner cable hands off their Internet as Ethernet. I sent a TAC request and they immediately sent a replacement router?!?!?! All I need is some ideas/suggestions of why this is happening, not a new box. Has anyone else experienced this before?

-->ISP--->Switch--->Router--->InsideSwitch

I have powered off everything except for the InsideSwitch.
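
The stale ARP cache explanation from milan.kulik's reply, modelled as an added example (not code from the thread or from Cisco). The addresses and MACs are constructed documentation values, the cache is simplified (no refresh-on-use), and it assumes the upstream device accepts a gratuitous ARP as an update.

```python
ARP_TIMEOUT = 4 * 3600  # seconds; the 4-hour default cited in the reply

PIX_MAC = "00:00:5e:00:53:01"     # constructed: MAC of the retired PIX
ROUTER_MAC = "00:00:5e:00:53:02"  # constructed: MAC of the replacement router


class UpstreamArpCache:
    """Simplified model of the ISP router's ARP cache."""

    def __init__(self):
        self.entries = {}  # ip -> (mac, time the entry was learned)

    def learn(self, ip, mac, now):
        # An ARP reply or gratuitous ARP overwrites any existing entry.
        self.entries[ip] = (mac, now)

    def resolve(self, ip, owner_mac, now):
        """Return the MAC that frames for `ip` are sent to.
        owner_mac is the device that would answer a fresh ARP request."""
        entry = self.entries.get(ip)
        if entry and now - entry[1] < ARP_TIMEOUT:
            return entry[0]              # cached entry, possibly stale
        self.learn(ip, owner_mac, now)   # missing or expired: re-ARP
        return owner_mac


def inbound_reachable(cache, ip, now):
    # Inbound traffic only reaches the static NAT if it is framed to the router.
    return cache.resolve(ip, ROUTER_MAC, now) == ROUTER_MAC


def simulate():
    old_ip, new_ip = "203.0.113.35", "203.0.113.45"  # constructed addresses
    swap = 600  # router replaces the PIX 10 minutes after the entry was learned
    cache = UpstreamArpCache()
    cache.learn(old_ip, PIX_MAC, now=0)  # learned while the PIX was in service
    results = {
        "old_ip_after_swap": inbound_reachable(cache, old_ip, swap),
        "new_ip_after_swap": inbound_reachable(cache, new_ip, swap),
        "old_ip_after_timeout": inbound_reachable(cache, old_ip, ARP_TIMEOUT + 1),
    }
    # Alternative to waiting out the timer: a gratuitous ARP from the router.
    garp_cache = UpstreamArpCache()
    garp_cache.learn(old_ip, PIX_MAC, now=0)
    garp_cache.learn(old_ip, ROUTER_MAC, now=swap)
    results["old_ip_after_garp"] = inbound_reachable(garp_cache, old_ip, swap + 1)
    return results


if __name__ == "__main__":
    print(simulate())
```

In this model, powering off the PIX changes nothing: the stale entry lives on the upstream device, which matches the symptom that only previously used addresses fail.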
