
Problems with bidirectional NAT

jwvarossieau
Level 1

Hello,

I have a problem with bidirectional NAT on Cisco IOS routers.

I need to convert the following telnet session via NAT:

The client is on the outside interface:

Client 172.16.186.100 => Telnet 172.16.186.11 (2501) => Cisco 1721 (fasteth0.1) => Static translate to 172.16.187.12 (23)=> Dynamic translate Source ip (192.168.253.201 - 1st) => on inside nat side (192.168.253.201 - 172.16.187.12 (23) => to system.

The NAT translation seems to work, but my session is not working:

*Mar 1 01:38:08.937: NAT: TCP s=58560, d=2501->23
*Mar 1 01:38:08.937: NAT: s=172.16.186.100->192.168.253.201, d=172.16.186.11 [4888]
*Mar 1 01:38:08.937: NAT: s=192.168.253.201, d=172.16.186.11->172.16.187.12 [4888]
*Mar 1 01:38:08.937: NAT: installing alias for address 192.168.253.201
*Mar 1 01:38:11.922: NAT: o: tcp (172.16.186.100, 58560) -> (172.16.186.11, 2501) [4889]

The following packets are seen on the NAT router:

Mar 1 01:40:18.501: NAT: o: tcp (172.16.186.100, 58581) -> (172.16.186.11, 2501) [4951]
*Mar 1 01:40:18.501: NAT: TCP s=58581, d=2501->23
*Mar 1 01:40:18.501: NAT: s=172.16.186.100->192.168.253.201, d=172.16.186.11 [4951]
*Mar 1 01:40:18.501: NAT: s=192.168.253.201, d=172.16.186.11->172.16.187.12 [4951]
*Mar 1 01:40:18.505: IP: tableid=0, s=192.168.253.201 (Ethernet0/1), d=172.16.187.12 (Ethernet0/0), routed via FIB
*Mar 1 01:40:18.505: IP: s=192.168.253.201 (Ethernet0/1), d=172.16.187.12 (Ethernet0/0), g=192.168.253.254, len 48, forward
*Mar 1 01:40:18.505: TCP src=58581, dst=23, seq=1575932375, ack=0, win=8192 SYNall
Translating "unall"...domain server (255.255.255.255)
*Mar 1 01:40:18.513: IP: tableid=0, s=172.16.187.12 (Ethernet0/0), d=192.168.253.201 (Ethernet0/0), routed via RIB
*Mar 1 01:40:18.517: IP: s=172.16.187.12 (Ethernet0/0), d=192.168.253.201 (Ethernet0/0), len 44, rcvd 3
*Mar 1 01:40:18.517: TCP src=23, dst=58581, seq=42810732, ack=1575932376, win=4128 ACK SYN
*Mar 1 01:40:18.517: IP: tableid=0, s=192.168.253.201 (local), d=172.16.187.12 (Ethernet0/0), routed via FIB
*Mar 1 01:40:18.517: IP: s=192.168.253.201 (local), d=172.16.187.12 (Ethernet0/0), len 40, sending
*Mar 1 01:40:18.521: TCP src=58581, dst=23, seq=1575932376, ack=0, win=0 RST

When I remove the line:

ip nat outside source list 100 pool Inside-Nat

everything is working ok. I need the source address translation on the inside interface.

Does somebody have an idea what's going wrong?

Thx.

Janwillem Varossieau

The next configuration is tested :

interface Ethernet0/1
 ip address 172.16.186.10 255.255.255.0
 ip nat outside
!
interface Ethernet0/0
 ip address 192.168.253.200 255.255.255.0
 ip nat inside
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.186.3
ip route 172.16.187.0 255.255.255.0 192.168.253.254
ip nat pool Inside-Nat 192.168.253.201 192.168.253.250 netmask 255.255.255.0
ip nat inside source static tcp 172.16.187.12 23 172.16.186.11 2501 extendable
ip nat outside source list 100 pool Inside-Nat
!
!
access-list 4 permit 172.16.187.0 0.0.0.255
access-list 100 permit ip 172.16.186.0 0.0.0.255 host 172.16.187.12
access-list 100 permit ip 172.16.186.0 0.0.0.255 host 172.16.186.11
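
The packet debug in the post above can be read mechanically. The following Python script is an added example, not part of the original post: it pairs each `IP:` line with the `TCP` detail line after it and flags a SYN-ACK that the router received itself (`rcvd`) and then answered with an RST sourced from `(local)`. The sample lines are copied from the post; the names `parse` and `router_resets` are assumptions of this example.

```python
import re

# Subset of the debug lines copied from the post above (IP line + its TCP detail line).
DEBUG = """\
*Mar 1 01:40:18.505: IP: s=192.168.253.201 (Ethernet0/1), d=172.16.187.12 (Ethernet0/0), g=192.168.253.254, len 48, forward
*Mar 1 01:40:18.505: TCP src=58581, dst=23, seq=1575932375, ack=0, win=8192 SYNall
*Mar 1 01:40:18.517: IP: s=172.16.187.12 (Ethernet0/0), d=192.168.253.201 (Ethernet0/0), len 44, rcvd 3
*Mar 1 01:40:18.517: TCP src=23, dst=58581, seq=42810732, ack=1575932376, win=4128 ACK SYN
*Mar 1 01:40:18.517: IP: s=192.168.253.201 (local), d=172.16.187.12 (Ethernet0/0), len 40, sending
*Mar 1 01:40:18.521: TCP src=58581, dst=23, seq=1575932376, ack=0, win=0 RST
"""

IP_RE = re.compile(r"IP: s=(\S+) \(([^)]+)\), d=(\S+) \(([^)]+)\),.*?len \d+, (\w+)")
TCP_RE = re.compile(r"TCP src=(\d+), dst=(\d+), .*?win=\d+ (.*)$")
# Leading word boundary only, so console text glued onto a flag ("SYNall") still parses.
FLAG_RE = re.compile(r"\b(SYN|ACK|RST|FIN|PSH)")

def parse(text):
    """Pair each 'IP:' line with the 'TCP' detail line that follows it."""
    packets, pending = [], None
    for line in text.splitlines():
        m = IP_RE.search(line)
        if m:
            src, in_if, dst, out_if, action = m.groups()
            pending = dict(src=src, in_if=in_if, dst=dst, out_if=out_if, action=action)
            continue
        m = TCP_RE.search(line)
        if m and pending:
            pending.update(sport=int(m[1]), dport=int(m[2]),
                           flags=set(FLAG_RE.findall(m[3])))
            packets.append(pending)
            pending = None
    return packets

def router_resets(packets):
    """Return (address answered for, peer, peer port) for each SYN-ACK that the
    router consumed itself ('rcvd') and answered with an RST from '(local)'."""
    hits = []
    for prev, cur in zip(packets, packets[1:]):
        consumed = prev["action"] == "rcvd" and {"SYN", "ACK"} <= prev["flags"]
        own_rst = cur["in_if"] == "local" and "RST" in cur["flags"]
        if consumed and own_rst and cur["src"] == prev["dst"] and cur["dst"] == prev["src"]:
            hits.append((prev["dst"], prev["src"], prev["sport"]))
    return hits

if __name__ == "__main__":
    for addr, peer, port in router_resets(parse(DEBUG)):
        print(f"router answered for {addr}: SYN-ACK from {peer}:{port} was reset locally")
```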
