no nat problem on 851W

Unanswered Question
Feb 29th, 2008

IOS V12.4(4)T8

Cisco 851W

This router is in a 192.168.5.0 private network, it is used to VPN tunnel to another private network. Its WAN interface is on the 192.165.5.0 network and its wireless/lan is in the 10.119.103.0 network.

The problem I am trying to solve was allowing a host in the 192.168.5.0 network RDP (port 3389) access to the hosts in the 10.119.103.0 network which isnt working due to nat.

If I open 3389 on the wan interface and then disable nat using:

conf t

interface BVI2

no ip nat inside

exit

copy run start

It all works, until I reboot the router. Even though I saved the config, when the router comes back up it starts natting again (even though the config does not include any ip nat commands).

I have to manually run the no ip nat inside command again on BVI2.

How can I permenantly disable NAT?

Is it because I still have ip inspect commands in the config?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
owillins Thu, 03/06/2008 - 09:09

Issue the clear ip nat translation command and then replacing the NAT configuration quickly, before any new NAT entries are populated into the translation table due to active NAT traffic.

Mehuge111 Thu, 03/06/2008 - 11:24

The problem is happening after a reboot, its ok when I first turn off nat, its after a reboot that it comes back, for example

AustinF#clear ip nat trans *

AustinF#sh ip nat trans

AustinF#conf t

Enter configuration commands, one per line. End with CNTL/Z.

AustinF(config)#int bvi2

AustinF(config-if)#no ip nat inside

AustinF(config-if)#exit

AustinF(config)#exit

AustinF#copy run start

Destination filename [startup-config]?

Building configuration...

[OK]

AustinF#sh ip nat trans

AustinF#reload

wait for reboot, log back in to the router, and nat is enabled again

AustinF#sh ip nat trans

Pro Inside global Inside local Outside local Outside global

tcp 192.168.5.168:1602 10.119.103.3:1602 64.156.132.140:80 64.156.132.140:80

tcp 192.168.5.168:1603 10.119.103.3:1603 64.156.132.140:80 64.156.132.140:80

tcp 192.168.5.168:1604 10.119.103.3:1604 64.156.132.140:80 64.156.132.140:80

tcp 192.168.5.168:1605 10.119.103.3:1605 64.156.132.140:80 64.156.132.140:80

tcp 192.168.5.168:1608 10.119.103.3:1608 64.156.132.140:80 64.156.132.140:80

tcp 192.168.5.168:1609 10.119.103.3:1609 64.156.132.140:80 64.156.132.140:80

tcp 192.168.5.168:1610 10.119.103.3:1610 64.156.132.140:80 64.156.132.140:80

tcp 192.168.5.168:1611 10.119.103.3:1611 64.156.132.140:80 64.156.132.140:80

tcp 192.168.5.168:1612 10.119.103.3:1612 64.156.132.140:80 64.156.132.140:80

udp 192.168.5.168:1693 10.119.103.3:1693 85.189.102.5:53 85.189.102.5:53

tcp 192.168.5.168:3389 10.119.103.3:3389 192.168.5.170:3208 192.168.5.170:3208

Actions

This Discussion