NAT Issue?

Unanswered Question
Jan 14th, 2009

We are having an issue with our NAT statements. I was hoping someone could see something I don't. Here's the lowdown. We have 2 networks, .157.0 and .158.0, that need access to our AS400. They are going through their own switch before they hit our network. As far as I can tell it should work. But I cannot ping their workstations and they can't get past their gateway.

interface GigabitEthernet6/0/0.162
 description Volt Delta
 encapsulation dot1Q 162
 ip address 192.168.162.211 255.255.255.240
 no ip redirects
 ip nat outside
!
!
router eigrp 1
 redistribute static
 network 172.21.255.20 0.0.0.3
 network 172.28.255.16 0.0.0.3
 network 172.28.255.36 0.0.0.3
 network 172.28.255.40 0.0.0.3
 network 172.28.255.64 0.0.0.3
 network 172.30.0.0
 network 192.168.0.24 0.0.0.3
 network 192.168.1.60 0.0.0.3
 network 192.168.4.12 0.0.0.3
 network 192.168.4.28 0.0.0.3
 network 192.168.6.16 0.0.0.15
 network 192.168.77.0
 network 192.168.102.0
 network 192.168.103.0
 network 192.168.104.0
 network 192.168.107.0
 network 192.168.110.0
 network 192.168.112.0
 network 192.168.162.208 0.0.0.15
 network 192.168.240.0
 no auto-summary
 eigrp log-neighbor-changes
!
 no auto-summary
 eigrp log-neighbor-changes
!
router eigrp 20
 network 172.28.255.80 0.0.0.3
 no auto-summary
 eigrp log-neighbor-changes
!
ip nat inside source list NAT interface GigabitEthernet6/0/0.162 overload
ip nat inside source static tcp 192.168.105.10 23 192.168.162.222 23 extendable
ip nat inside source static tcp 172.29.14.74 23 192.168.162.221 23 extendable
ip nat inside source static tcp 172.29.14.96 23 192.168.162.220 23 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 172.28.255.65
ip route 192.168.157.0 255.255.255.0 192.168.162.213
ip route 192.168.158.0 255.255.255.0 192.168.162.213
ip tacacs source-interface FastEthernet1/1/0.1
no ip http server
!
!
ip access-list extended NAT
 permit ip 192.168.157.0 0.0.0.255 host 172.29.14.74
 permit ip 192.168.157.0 0.0.0.255 host 192.168.105.10
 permit ip 192.168.158.0 0.0.0.255 host 172.29.14.74
 permit ip 192.168.158.0 0.0.0.255 host 192.168.105.10
 permit ip 192.168.157.0 0.0.0.255 host 172.29.14.96
 permit ip 192.168.158.0 0.0.0.255 host 172.29.14.96

Jon Marshall Wed, 01/14/2009 - 11:28

Gregory

We are missing some of the detail here. Where is "ip nat inside" applied, i.e. which interface, as it is not included in the above config?

You are dynamically natting 192.168.157 & 158 to 192.168.162.211. So you won't be able to ping the 192.168.157/158 addresses unless you are pinging the real addresses?

Perhaps you could explain the topology a little better.

What config are we looking at above?

What does "sh ip nat translations" show on the device you are doing the NAT on?

Jon
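The check below is an added example, not part of any post in this thread: it reads a few lines copied from the configuration above and reports whether any interface carries `ip nat inside`, and whether the source networks in the NAT access list are reached through an interface marked `ip nat outside`. The names `net` and `audit_nat` and the finding labels are hypothetical.

```python
import ipaddress
import re

# Lines copied from the configuration posted above (only what the check reads).
CONFIG = """\
interface GigabitEthernet6/0/0.162
 ip address 192.168.162.211 255.255.255.240
 ip nat outside
ip nat inside source list NAT interface GigabitEthernet6/0/0.162 overload
ip route 0.0.0.0 0.0.0.0 172.28.255.65
ip route 192.168.157.0 255.255.255.0 192.168.162.213
ip route 192.168.158.0 255.255.255.0 192.168.162.213
ip access-list extended NAT
 permit ip 192.168.157.0 0.0.0.255 host 172.29.14.74
 permit ip 192.168.158.0 0.0.0.255 host 172.29.14.74
"""

def net(addr, mask):
    # ipaddress accepts netmasks and Cisco wildcard (host) masks alike
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def audit_nat(config):
    """Return NAT findings as tuples for an IOS-style config (hypothetical helper)."""
    roles, subnets, routes, acl_src, rules, ctx = {}, {}, [], {}, [], ""
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            ctx = line  # a non-indented line opens a new configuration context
        if m := re.match(r"ip address (\S+) (\S+)$", line):
            subnets[ctx.split()[-1]] = net(m[1], m[2])
        elif m := re.match(r"ip nat (inside|outside)$", line):
            roles[ctx.split()[-1]] = m[1]
        elif m := re.match(r"ip route (\S+) (\S+) (\d+\.\d+\.\d+\.\d+)$", line):
            routes.append((net(m[1], m[2]), ipaddress.ip_address(m[3])))
        elif m := re.match(r"permit ip (\d\S+) (\d\S+) ", line):
            acl_src.setdefault(ctx.split()[-1], []).append(net(m[1], m[2]))
        elif m := re.match(r"ip nat inside source list (\S+) ", line):
            rules.append(m[1])
    # Finding 1: no interface in the config is marked "ip nat inside"
    findings = [] if "inside" in roles.values() else [("no-inside-interface",)]
    for acl in rules:
        for src in acl_src.get(acl, []):
            # Finding 2: longest-prefix static route for the ACL source leads outside
            best = max((r for r in routes if src.subnet_of(r[0])),
                       key=lambda r: r[0].prefixlen, default=None)
            for ifname, subnet in subnets.items():
                if best and best[1] in subnet and roles.get(ifname) == "outside":
                    findings.append(("acl-source-behind-outside", acl, str(src), ifname))
    return findings
```

An `ip nat inside source` rule translates the source address of packets that enter on an inside interface, so a listed source network that is reached through the outside interface is worth a second look.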

gregorymwatson Thu, 01/15/2009 - 08:13

Jon,

Thanks so much for taking a look at this for me. Here is the information we're missing:

Well, right now we have "ip nat inside" on several different interfaces, including the one going back to the AS400 (ATM1/0/0 172.28.255.66).

The config is off a 7507 Version 12.1(18), RELEASE SOFTWARE (fc1).

The topology is this: We have the workstations (.157.0/24 and .158.0/24) connect to their Nortel switches into our 6509, then over fiber to the 7507 (GigabitEthernet6/0/0.162 192.168.162.211).

Here is the output from "sh ip nat trans"

arabaldc7507#sh ip nat trans
Pro Inside global         Inside local          Outside local      Outside global
tcp 192.168.162.220:23    172.29.14.96:23       ---                ---
tcp 192.168.162.221:23    172.29.14.74:23       ---                ---
tcp 192.168.162.222:23    192.168.105.10:23     ---                ---

Thanks again so much for your help.
