
Problems with bidirectional NAT

Unanswered Question
Nov 23rd, 2007

Hello,


I have a problem with bidirectional NAT on Cisco IOS routers.

I need to convert the following telnet session via NAT:

The client is on the outside interface:

Client 172.16.186.100 => Telnet 172.16.186.11 (2501) => Cisco 1721 (fasteth0.1) => Static translate to 172.16.187.12 (23)=> Dynamic translate Source ip (192.168.253.201 - 1st) => on inside nat side (192.168.253.201 - 172.16.187.12 (23) => to system.


The NAT translation seems to work, but my session is not working:


*Mar 1 01:38:08.937: NAT: TCP s=58560, d=2501->23
*Mar 1 01:38:08.937: NAT: s=172.16.186.100->192.168.253.201, d=172.16.186.11 [4888]
*Mar 1 01:38:08.937: NAT: s=192.168.253.201, d=172.16.186.11->172.16.187.12 [4888]
*Mar 1 01:38:08.937: NAT: installing alias for address 192.168.253.201
*Mar 1 01:38:11.922: NAT: o: tcp (172.16.186.100, 58560) -> (172.16.186.11, 2501) [4889]


The following packets are seen on the NAT router:


Mar 1 01:40:18.501: NAT: o: tcp (172.16.186.100, 58581) -> (172.16.186.11, 2501) [4951]
*Mar 1 01:40:18.501: NAT: TCP s=58581, d=2501->23
*Mar 1 01:40:18.501: NAT: s=172.16.186.100->192.168.253.201, d=172.16.186.11 [4951]
*Mar 1 01:40:18.501: NAT: s=192.168.253.201, d=172.16.186.11->172.16.187.12 [4951]
*Mar 1 01:40:18.505: IP: tableid=0, s=192.168.253.201 (Ethernet0/1), d=172.16.187.12 (Ethernet0/0), routed via FIB
*Mar 1 01:40:18.505: IP: s=192.168.253.201 (Ethernet0/1), d=172.16.187.12 (Ethernet0/0), g=192.168.253.254, len 48, forward
*Mar 1 01:40:18.505: TCP src=58581, dst=23, seq=1575932375, ack=0, win=8192 SYNall
Translating "unall"...domain server (255.255.255.255)
*Mar 1 01:40:18.513: IP: tableid=0, s=172.16.187.12 (Ethernet0/0), d=192.168.253.201 (Ethernet0/0), routed via RIB
*Mar 1 01:40:18.517: IP: s=172.16.187.12 (Ethernet0/0), d=192.168.253.201 (Ethernet0/0), len 44, rcvd 3
*Mar 1 01:40:18.517: TCP src=23, dst=58581, seq=42810732, ack=1575932376, win=4128 ACK SYN
*Mar 1 01:40:18.517: IP: tableid=0, s=192.168.253.201 (local), d=172.16.187.12 (Ethernet0/0), routed via FIB
*Mar 1 01:40:18.517: IP: s=192.168.253.201 (local), d=172.16.187.12 (Ethernet0/0), len 40, sending
*Mar 1 01:40:18.521: TCP src=58581, dst=23, seq=1575932376, ack=0, win=0 RST


When I remove the line:

ip nat outside source list 100 pool Inside-Nat

everything is working OK. I need the source address translation on the inside interface.

Does somebody have an idea what's going wrong?

Thx.


Janwillem Varossieau


The following configuration is tested:


interface Ethernet0/1
 ip address 172.16.186.10 255.255.255.0
 ip nat outside
!
interface Ethernet0/0
 ip address 192.168.253.200 255.255.255.0
 ip nat inside
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.186.3
ip route 172.16.187.0 255.255.255.0 192.168.253.254

ip nat pool Inside-Nat 192.168.253.201 192.168.253.250 netmask 255.255.255.0
ip nat inside source static tcp 172.16.187.12 23 172.16.186.11 2501 extendable
ip nat outside source list 100 pool Inside-Nat
!
!
access-list 4 permit 172.16.187.0 0.0.0.255
access-list 100 permit ip 172.16.186.0 0.0.0.255 host 172.16.187.12
access-list 100 permit ip 172.16.186.0 0.0.0.255 host 172.16.186.11
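
Added example, not part of the original post: a short Python script that pairs the IP and TCP lines from the debug output quoted above and lists packets on a pool address that the router handled itself instead of translating and forwarding. The function names are this example's own, and reading `rcvd` and `(local)` as router-terminated traffic is an assumption about the debug format; the pool range comes from the posted `ip nat pool Inside-Nat` line.

```python
import re
from ipaddress import ip_address

# Debug lines copied from the post above ("routed via" lines omitted).
LOG = """\
*Mar 1 01:40:18.505: IP: s=192.168.253.201 (Ethernet0/1), d=172.16.187.12 (Ethernet0/0), g=192.168.253.254, len 48, forward
*Mar 1 01:40:18.505: TCP src=58581, dst=23, seq=1575932375, ack=0, win=8192 SYNall
*Mar 1 01:40:18.517: IP: s=172.16.187.12 (Ethernet0/0), d=192.168.253.201 (Ethernet0/0), len 44, rcvd 3
*Mar 1 01:40:18.517: TCP src=23, dst=58581, seq=42810732, ack=1575932376, win=4128 ACK SYN
*Mar 1 01:40:18.517: IP: s=192.168.253.201 (local), d=172.16.187.12 (Ethernet0/0), len 40, sending
*Mar 1 01:40:18.521: TCP src=58581, dst=23, seq=1575932376, ack=0, win=0 RST
"""
# Pool range from the posted "ip nat pool Inside-Nat" line.
POOL = (ip_address("192.168.253.201"), ip_address("192.168.253.250"))

IP_RE = re.compile(r"IP: s=(\S+) \(([^)]+)\), d=(\S+) \(([^)]+)\),.*?\b(forward|rcvd|sending)\b")
TCP_RE = re.compile(r"TCP src=(\d+), dst=(\d+),.*win=\d+ (.*)$")

def parse(log):
    """Pair each 'IP:' line with the 'TCP' line after it; tolerates fused text like 'SYNall'."""
    packets, pending = [], None
    for line in log.splitlines():
        ip, tcp = IP_RE.search(line), TCP_RE.search(line)
        if ip:
            pending = dict(zip(("src", "src_if", "dst", "dst_if", "action"), ip.groups()))
        elif tcp and pending:
            flags = frozenset(re.findall(r"SYN|ACK|RST|FIN|PSH", tcp[3]))
            packets.append({**pending, "sport": int(tcp[1]), "dport": int(tcp[2]), "flags": flags})
            pending = None
    return packets

def in_pool(addr):
    return POOL[0] <= ip_address(addr) <= POOL[1]

def router_terminated(packets):
    """Return (kind, pool_address, flags) for pool traffic the router handled itself."""
    hits = []
    for p in packets:
        # Assumption: "rcvd" means the router accepted the packet as addressed to itself.
        if p["action"] == "rcvd" and in_pool(p["dst"]):
            hits.append(("received-by-router", p["dst"], p["flags"]))
        # Assumption: source interface "local" means the router originated the packet.
        if p["src_if"] == "local" and in_pool(p["src"]):
            hits.append(("sent-by-router", p["src"], p["flags"]))
    return hits

if __name__ == "__main__":
    for kind, addr, flags in router_terminated(parse(LOG)):
        print(f"{kind}: {addr} {'+'.join(sorted(flags))}")
```

On the posted trace this reports the SYN+ACK to 192.168.253.201 as received by the router and the RST as sent by the router from that same pool address.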


