A bit confused with NAT + 1 weird problem

Unanswered Question
Mar 3rd, 2008

Dear NetPros!

Recently got a cisco 2851 router + 2 HWIC-1FE cards. Network setup is described in attached jpeg. I've configured ISP failover with ip sla + NAT and pptp VPN server, but still can't figure out how to make FTP server 2 (see attachment) reachable from outside hosts with address. The problem is that LAN2 has its own uplink and default gw, so we need to do NAT with not only inside src address changed, but also need to change outside src address. Can't get it working. Please, help :)

And now the weird problem:

When tested failover uplink switching noticed that when i pull cable out of fa0/1/0 everything works fine (sla monitor + tracking shows reachability->down) but when i return cable back to interface fa0/1/0, iface goes up, proto up, !!but!! 'show track' says reachability still down, 'show ip sla trace' shows timeouts for icmp goin out fa0/1/0. More, when tryin to ping fa0/1/0 address from remote hosts - getting timeouts. The only way to get things working again - reload router. Please advice, how to make it working properly.

With best regards,


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
ROSS_Solar Tue, 03/04/2008 - 01:36

Please, tell if it is possible to make such a translation at all (see first part of leading post)?

Edison Ortiz Tue, 03/04/2008 - 11:13

Try changing the SLA to ping instead of an address that involves routing such as

Give a try with this config.

ip sla 1

icmp-echo source-interface FastEthernet0/1/0

timeout 1000

threshold 3

frequency 10

ip sla schedule 1 life forever start-time now

Also, remove the ip inspect on that interface while we are troubleshooting this.




This Discussion