Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
983
Views
0
Helpful
1
Replies

Use NAT addresses from inside get RST

matt.s
Level 1
Level 1

‎12-03-2008 06:45 AM

We have a 1811R facing the internet and the static nat addresses work fine for internet hosts. From the inside of the network we get a TCP RST, ACK when we access these addresses.

Why and how do I troubleshoot this?

Thanks

Matt

Labels:
0 Helpful
1 Reply 1

mchin345
Level 6
Level 6

‎12-09-2008 02:26 PM

Problem Description: "Inside" network translates PAT (overload) on outside interface. Several public ip static NATs exist for inbound. The static ips used for these NATs exist on public"outside" interface network. TCP connections from the inside network, destined TO the public static NAT address on the router return a RST (reset) on the connection.

Solution: You have to do NAT on stick

The command for static nat statements is

ip nat inside source static A.B.C.D W.X.Y.Z

if you wanted to do static port translations it would look like this

ip nat inside source static tcp A.B.C.10 80 W.X.Y.Z 80 extendable

ip nat inside source static tcp A.B.C.11 25 W.X.Y.Z 80 extendable

also if you add no-alias it will not let teh router answer pings for the device.

and if you are interested in translating an entire network the command is

ip nas inside source static network A.B.C.0 W.X.Y.0 255.255.255.0

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents