Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
454
Views
0
Helpful
7
Replies

strange nat behaviour

admin_2
Level 3
Level 3

‎12-07-2008 11:25 AM - edited ‎03-04-2019 12:37 AM

i have a 1721 (c1700-advsecurityk9-mz.124-23.bin running on it) with strange NAT behaviour.

here is the corresponding config.

interface FastEthernet0

ip address 192.168.68.254 255.255.255.0

ip nat inside

no ip virtual-reassembly

speed 100

full-duplex

!

interface Serial0

ip address xxx.xxx.xxx.xxx 255.255.255.252

ip nat outside

no ip virtual-reassembly

ip nat inside source list nat_to_internet interface Serial0 overload

!

ip access-list extended nat_to_internet

permit ip 192.168.68.0 0.0.0.255 any

so it is a very simple nat config. nothing special.

my problem is if ping a host on the public internet from any of the devices connected to the inside interface of the router then it works

But if i try to ping anything on the net from the router themself, it fails.

see:

ping google.com source fastEthernet 0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 74.125.45.100, timeout is 2 seconds:

Packet sent with a source address of 192.168.68.254

.....

Success rate is 0 percent (0/5)

any idea would be appreciated.

thanks

Labels:
0 Helpful
7 Replies 7

Jon Marshall
Hall of Fame
Hall of Fame

‎12-07-2008 12:34 PM

I've never tried that but i suspect the issue is the packet is not entering the inside interface and so bypasses the "ip nat inside" statement on your fa0 interface.

What does "sh ip nat translations" show when you try the ping from the router with fa0 as source interface ?

Jon

0 Helpful

Not applicable
In response to Jon Marshall

‎12-07-2008 12:54 PM

it should work as it is working seemless on my 831

see:

C831#ping google.com source ethernet 0

Translating "google.com"...domain server (79.121.0.2) [OK]

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 72.14.205.100, timeout is 2 seconds:

Packet sent with a source address of 192.168.250.1

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 120/125/128 ms

Pro Inside global Inside local Outside local Outside global

icmp xx.xx.x.xx:24 192.168.250.1:24 72.14.205.100:24 72.14.205.100:24

so it works on my C831 but not on my 1721 and i can't figure out what i am missing.

and the corresponding nat translation is:

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to

‎12-07-2008 01:01 PM

okay, looks like i was wrong then :-)

On the 1720 what does a "sh ip nat translation" show ?

Jon

0 Helpful

Not applicable
In response to Jon Marshall

‎12-07-2008 01:06 PM

nothing about the ping. anyway here is the output

#sh ip nat translations

Pro Inside global Inside local Outside local Outside global

tcp xxx.xxx.xxx.xxx:32820 192.168.68.2:32820 81.183.105.116:19565 81.183.105.116:19565

udp xxx.xxx.xxx.xxx:32839 192.168.68.2:32839 67.83.46.162:57845 67.83.46.162:57845

udp xxx.xxx.xxx.xxx:32839 192.168.68.2:32839 71.197.2.219:37266 71.197.2.219:37266

udp xxx.xxx.xxx.xxx:32839 192.168.68.2:32839 71.229.226.123:3346 71.229.226.123:3346

udp xxx.xxx.xxx.xxx:32839 192.168.68.2:32839 76.27.77.174:37437 76.27.77.174:37437

udp xxx.xxx.xxx.xxx:32839 192.168.68.2:32839 76.118.108.152:31429 76.118.108.152:31429

udp xxx.xxx.xxx.xxx:32839 192.168.68.2:32839 76.250.66.180:45836 76.250.66.180:45836

udp xxx.xxx.xxx.xxx:32839 192.168.68.2:32839 78.98.26.101:21850 78.98.26.101:21850

udp xxx.xxx.xxx.xxx:32839 192.168.68.2:32839 81.236.227.18:27007 81.236.227.18:27007

udp xxx.xxx.xxx.xxx:32839 192.168.68.2:32839 83.143.38.23:36729 83.143.38.23:36729

udp xxx.xxx.xxx.xxx:32839 192.168.68.2:32839 84.1.163.74:47490 84.1.163.74:47490

udp xxx.xxx.xxx.xxx:32839 192.168.68.2:32839 85.11.157.124:48796 85.11.157.124:48796

udp xxx.xxx.xxx.xxx:32839 192.168.68.2:32839 86.1.133.46:28738 86.1.133.46:28738

udp xxx.xxx.xxx.xxx:32839 192.168.68.2:32839 86.61.51.173:61372 86.61.51.173:61372

udp xxx.xxx.xxx.xxx:32839 192.168.68.2:32839 88.216.126.136:34350 88.216.126.136:34350

udp xxx.xxx.xxx.xxx:32839 192.168.68.2:32839 94.44.1.52:29795 94.44.1.52:29795

udp xxx.xxx.xxx.xxx:32839 192.168.68.2:32839 98.203.152.135:63002 98.203.152.135:63002

udp xxx.xxx.xxx.xxx:32839 192.168.68.2:32839 98.204.81.99:25431 98.204.81.99:25431

udp xxx.xxx.xxx.xxx:32839 192.168.68.2:32839 128.122.10.68:10918 128.122.10.68:10918

udp xxx.xxx.xxx.xxx:32839 192.168.68.2:32839 142.51.211.7:61343 142.51.211.7:61343

udp xxx.xxx.xxx.xxx:32839 192.168.68.2:32839 219.122.216.128:14679 219.122.216.128:14679

tcp xxx.xxx.xxx.xxx:33012 192.168.68.2:33012 217.76.114.233:443 217.76.114.233:443

tcp xxx.xxx.xxx.xxx:33015 192.168.68.2:33015 81.190.34.165:443 81.190.34.165:443

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to

‎12-07-2008 01:18 PM

Don't know whether it's IOS related, platform related (unlikely), feature set related. I have a 2600 router that i can boot up tomorrow and see what behaviour i get.

Jon

0 Helpful

Not applicable
In response to Jon Marshall

‎12-07-2008 01:20 PM

that would be nice. thank you for your efforts.

0 Helpful

mdensmor
Level 1
Level 1
In response to

‎12-07-2008 08:32 PM

sorry wrong post

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card