Static NAT Config - Not able to telnet/Ping/FTP the VIP

Unanswered Question
Nov 12th, 2009
User Badges:

Hi,


I have a VIP for which I have configured static NAT with a private IP. Now I am seeing that I am unable to telnet or FTP or ping to that VIP from that private IP. I can ping other VIPS from the same private IP and I can ping the VIP from other private ip addresses. Below is my configuration.

access-list somecompany_statnat_206.32.55.115 line 8 extended deny ip host 172.16.234.30 172.16.0.0 255.252.0.0

access-list somecompany_statnat_206.32.55.115 line 10 extended deny ip host 172.16.234.30 172.16.84.0 255.255.

255.0


access-list somecompany_statnat_206.32.55.115 line 16 extended permit ip host 172.16.234.30 any


class-map match-any somecompany_statnat_206.32.55.115

2 match access-list somecompany_statnat_206.32.55.115



class somecompany_statnat_206.32.55.115

nat static 206.32.55.115 netmask 255.255.255.255 vlan 600


policy-map multi-match SOMECOMPANY_SNAT_POLICY

class somecompany_statnat_206.32.55.115

nat static 206.32.55.115 netmask 255.255.255.255 vlan 600


interface vlan 1234

description somecompany_dmz

ip address 172.16.234.2 255.255.255.0

alias 172.16.234.1 255.255.255.0

peer ip address 172.16.234.3 255.255.255.0

access-group input somecompany_dmz_acl

access-group output all

nat-pool 1234 206.32.55.110 206.32.55.110 netmask 255.255.255.255 pat

service-policy input remote-mgmt

service-policy input INSPECTION_POLICY

service-policy input SOMECOMPANY_SNAT_POLICY

service-policy input SOMECOMPANY_NAT_POLICY

service-policy input Virtual_IP

no shutdown


Below is also the Server to VIP configuration. This is for allowing the Private IP to access the VIP. access-lists for the ports have not been mentioned but have been allowed.


access-list SOMECOMPANY_SERVER_TO_VIP extended permit ip 172.16.234.0 255.255.255.0 host 206.32.55.115


class-map match-any SOMECOMPANY_SERVER_TO_VIP

2 match access-list SOMECOMPANY_SERVER_TO_VIP


policy-map multi-match SOMECOMPANY_NAT_POLICY

class SOMECOMPANY_SERVER_TO_VIP insert-before somecompany_nat

nat dynamic 1234 vlan 1234


Appreciate your help


Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion