cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
514
Views
0
Helpful
3
Replies

Have trouble connecting through a router running NAT

rshum
Level 1
Level 1

I added a static route to a device which is on the outside of a NAT translation. I can ping the new device from the router but not from the inside of the NAT table. I assume something in my NAT table isn't correct. Any help would be appreciated.

Here's what the config looks like.

interface FastEthernet0/0
ip address 10.90.250.4 255.255.255.0
ip nat inside
speed 100
full-duplex
!
interface FastEthernet0/1
description Cern Primary AT&T
ip address 10.101.41.15 255.255.255.0
ip nat outside
speed 100
full-duplex
!
router eigrp 1173
redistribute static
network 10.0.0.0
no auto-summary
no eigrp log-neighbor-changes
!
ip nat pool CERNnewOPEN-NAT 10.101.41.243 10.101.41.243 netmask 255.255.255.0
ip nat pool CERNOPEN-NAT 10.101.41.229 10.101.41.229 netmask 255.255.255.0
ip nat pool CERN-NAT 10.101.41.20 10.101.41.129 netmask 255.255.255.0
ip nat inside source list CERN-NAT pool CERNER-NAT overload
ip nat inside source list CERNOPEN-NAT pool CERNOPEN-NAT overload
ip nat inside source list CERNnewOPEN-NAT pool CERNnewOPEN-NAT overload
ip nat inside source static 10.90.41.154 10.101.41.235
ip nat inside source static 10.90.5.57 10.101.41.227
ip nat inside source static 10.90.5.66 10.101.41.220
ip nat inside source static 10.90.64.30 10.101.41.232
ip nat inside source static 10.90.64.32 10.101.41.231
ip nat inside source static 10.90.64.33 10.101.41.230
ip nat inside source static 10.90.64.34 10.101.41.234
ip nat inside source static 10.90.214.12 10.101.41.233
ip nat inside source static 10.90.32.6 10.101.41.200
ip nat inside source static 10.90.5.106 10.101.41.201
ip nat inside source static 10.90.5.75 10.101.41.202
ip nat inside source static 10.90.15.228 10.101.41.203
ip nat inside source static 10.90.5.2 10.101.41.204
ip nat inside source static 10.90.5.71 10.101.41.205
ip nat inside source static 10.90.67.10 10.101.41.206
ip nat inside source static 10.90.67.13 10.101.41.208
ip nat inside source static 10.90.64.9 10.101.41.209
ip nat inside source static 10.90.67.15 10.101.41.210
ip nat inside source static 10.90.64.10 10.101.41.211
ip nat inside source static 10.90.67.12 10.101.41.212
ip nat inside source static 10.90.67.11 10.101.41.213
ip nat inside source static 10.90.67.18 10.101.41.214
ip nat inside source static 10.90.67.16 10.101.41.215
ip nat inside source static 10.90.4.5 10.101.41.217
ip nat inside source static 10.90.5.65 10.101.41.218
ip nat inside source static 10.90.5.69 10.101.41.219
ip nat inside source static 10.90.5.70 10.101.41.221
ip nat inside source static 10.90.41.11 10.101.41.222
ip nat inside source static 10.90.5.72 10.101.41.223
ip nat inside source static 10.90.5.55 10.101.41.224
ip nat inside source static 10.90.5.76 10.101.41.225
ip nat inside source static 10.90.5.59 10.101.41.226
ip nat inside source static 10.90.6.120 10.101.41.228
ip nat inside source static 10.90.67.22 10.101.41.236
ip nat inside source static 10.90.214.23 10.101.41.237
ip nat inside source static 10.90.210.7 10.101.41.238
ip nat inside source static 10.90.210.18 10.101.41.239
ip nat inside source static 10.90.214.6 10.101.41.240
ip nat inside source static 10.90.67.21 10.101.41.241
ip nat inside source static 10.90.211.254 10.101.41.242
ip nat inside source static 10.90.32.161 10.101.41.244
ip nat inside source static 10.90.8.10 10.101.41.198
ip nat inside source static 10.90.9.13 10.101.41.196
ip nat inside source static 10.90.215.254 10.101.41.216
ip nat inside source static 10.90.210.6 10.101.41.195
ip nat inside source static 10.90.6.155 10.101.41.194
ip nat inside source static 10.90.6.83 10.101.41.193
ip nat inside source static 10.90.215.216 10.101.41.207
ip nat inside source static 10.90.215.200 10.101.41.245
ip nat inside source static 10.90.5.221 10.101.41.246
ip nat inside source static 10.90.200.90 10.101.41.247
ip nat inside source static 10.90.6.176 10.101.41.248
ip nat inside source static 10.90.211.253 10.101.41.191
ip nat inside source static 10.90.211.250 10.101.41.190
ip nat inside source static 10.90.67.140 10.101.41.189
ip nat inside source static 10.90.200.113 10.101.41.188
ip nat inside source static 10.90.37.121 10.101.41.187
ip nat inside source static 10.90.67.114 10.101.41.186
ip nat inside source static 10.90.211.240 10.101.41.185
ip nat inside source static 10.90.9.74 10.101.41.184
ip nat inside source static 10.90.11.86 10.101.41.192
ip classless
no ip forward-protocol udp tftp
no ip forward-protocol udp nameserver
no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs
ip route 159.140.160.0 255.255.240.0 10.101.41.1
ip route 159.140.176.0 255.255.240.0 10.101.41.1
ip route 159.140.176.0 255.255.240.0 10.101.41.1

ip access-list extended CERN-NAT
deny   ip 10.90.4.232 0.0.0.3 159.140.160.0 0.0.15.255
deny   ip 10.90.4.232 0.0.0.3 159.140.176.0 0.0.15.255
deny   ip 10.90.200.48 0.0.0.7 159.140.160.0 0.0.15.255
deny   ip 10.90.200.48 0.0.0.7 159.140.176.0 0.0.15.255
permit ip 10.90.0.0 0.0.255.255 159.140.160.0 0.0.15.255
permit ip 10.90.0.0 0.0.255.255 159.140.176.0 0.0.15.255
ip access-list extended CERNOPEN-NAT
permit ip 10.90.4.232 0.0.0.3 159.140.160.0 0.0.15.255
permit ip 10.90.4.232 0.0.0.3 159.140.176.0 0.0.15.255
ip access-list extended CERNnewOPEN-NAT
permit ip 10.90.200.48 0.0.0.7 159.140.160.0 0.0.15.255
permit ip 10.90.200.48 0.0.0.7 159.140.176.0 0.0.15.255
3 Replies 3

John Blakley
VIP Alumni
VIP Alumni

Can you clarify a bit about what ip addresses are in question?

Which static route did you add? Which ip from the inside are you pinging from?

HTH, John *** Please rate all useful posts ***

I added the following static route "ip route 159.140.103.26 255.255.255.255 10.101.41.1".

I just noticed it wasn't in the copy of the config I pasted up here.

I'm trying to connect from a PC off of Fa0/0 which is the "inside" of the NAT. The target server being 159.140.103.26 is behind another router hanging off of Fa0/1.

Echo Blackley.

What is the ip address of the host you are pinging from? You have static translations in the config - is your host among those translations?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco