Use NAT addresses from inside get RST

Unanswered Question
Dec 3rd, 2008

We have a 1811R facing the internet and the static nat addresses work fine for internet hosts. From the inside of the network we get a TCP RST, ACK when we access these addresses.

Why and how do I troubleshoot this?



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mchin345 Tue, 12/09/2008 - 14:26

Problem Description: "Inside" network translates PAT (overload) on outside interface. Several public ip static NATs exist for inbound. The static ips used for these NATs exist on public"outside" interface network. TCP connections from the inside network, destined TO the public static NAT address on the router return a RST (reset) on the connection.

Solution: You have to do NAT on stick

The command for static nat statements is

ip nat inside source static A.B.C.D W.X.Y.Z

if you wanted to do static port translations it would look like this

ip nat inside source static tcp A.B.C.10 80 W.X.Y.Z 80 extendable

ip nat inside source static tcp A.B.C.11 25 W.X.Y.Z 80 extendable

also if you add no-alias it will not let teh router answer pings for the device.

and if you are interested in translating an entire network the command is

ip nas inside source static network A.B.C.0 W.X.Y.0


This Discussion