Hi there,

this discussion (to EASY STORY) is supossed to :

1) get an confirmation, if the behaviour is bug or normal. If normal, what can I do to accomplish my task.

2) let someone with latest IOS train to test it, or perhaps to open a case if this is in his interest to be running, too. I dont have time, nor it's such criticial task to open a case on this.

So, after long time I underwent a research of full caveats document on the web, found nothing pointing to this NAT issue , for IOS 12.4(18), lets say IP ADv. Service I run. But issue \

may lie in whatever version of that train, even the latest 12.4(23)..

Well, I have a router with 2 interfaces, Fa0/0 to my PC (nat inside), Fa0/1 (nat outside) to modem and Internet.. and a single NAT rule set up, to establish a path to modem (has

a Web GUI), which normaly has no route back to PC. So the rule (static source) makes source IP of PC packets to get translated to source IP of F0/1 - direct link with that

modem. This is right, and 100% this must perform for packets traversing the router between these interfaces.

However, for traffic originating from router and related only to FE0/1 interface with modem (when I want to perform simple ping to existing Internet host), the router applies

this rule alike!!, and tries to translate the responses to go to your PC on F0/0! This is crazy. And the question 1 again is, if this is normal, and if yes, how can I make the

router traffic to run in parallel with NAT rule. If I turn it off, it runs OK.

THANKS!

3) The configuration first :

interface FastEthernet0/0

description <<e.g towards remote PC located on different subnet>

ip address 172.19.250.42 255.255.255.192

ip nat inside

ip virtual-reassembly

speed 100

full-duplex

!

interface FastEthernet0/1

description PS_UPLINK... to modem and Internet

ip address 172.16.254.97 255.255.255.248

ip nat outside

ip virtual-reassembly

speed 100

full-duplex

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 172.16.254.98

ip route a.a.78.65 172.19.250.1 // its the address of remote PC

!

!

no ip http server

no ip http secure-server

ip nat inside source static a.a.78.65 interface FastEthernet0/1

2) Failing pings, see the "." ...

SRCGRZ33#ping x.x.94.140

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to x.x.94.140, timeout is 2 seconds:

.

Apr 17 10:11:03.004 CET: NAT*: s=x.x.94.140, d=172.16.254.97->a.a.78.65 [41821].

Apr 17 10:11:05.067 CET: NAT*: s=x.x.94.140, d=172.16.254.97->a.a.78.65 [41822].

Apr 17 10:11:07.046 CET: NAT*: s=x.x.94.140, d=172.16.254.97->a.a.78.65 [41824].

Apr 17 10:11:09.074 CET: NAT*: s=x.x.94.140, d=172.16.254.97->a.a.78.65 [41826].

Success rate is 0 percent (0/5)

SRCGRZ33#

3) A cosmetic issue... look for icmptimeout value 60000.. when normally its defined in seconds, and counters decreseas in seconds properly :)

SRCGRZ33#sh ip nat translations verbose

Pro Inside global Inside local Outside local Outside global

icmp 172.16.254.97:27 a.a.78.65:27 x.x.94.140:27 x.x.94.140:27

create 00:00:09, use 00:00:04 timeout:60000, left 00:00:55,

flags:

extended, use_count: 0, entry-id: 1128, lc_entries: 0