08-26-2010 08:52 AM - edited 03-04-2019 09:33 AM
Have an issue trying to get IOS to NAT both src and dst addresses.
It looks like traffic is being NAT'ed OK going from outside to in, and I can see a response packet coming into the inside interface on the NAT router, but it gets lost and never makes it back through the outside interface.
When I ping from 1.1.1.2 to 172.109.31.1 there is no reply, but NAT seems to be working, only one way though.
debug ip nat
*Mar 1 00:31:50.231: NAT*: o: icmp (1.1.1.2, 11) -> (172.109.31.1, 11) [55]
*Mar 1 00:31:50.235: NAT*: o: icmp (1.1.1.2, 11) -> (172.109.31.1, 11) [55]
*Mar 1 00:31:50.235: NAT*: s=1.1.1.2->192.168.241.128, d=172.109.31.1 [55]
*Mar 1 00:31:50.239: NAT*: s=192.168.241.128, d=172.109.31.1->172.26.0.1 [55]
I feel I am missing something obvious.
All assistance appreciated.
test topology:
test rtr-------------outside---NATrtr----inside---------test target 172.26.0.1
cfg extract shown
interface FastEthernet0/0
ip address 192.168.241.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/0
ip address 1.1.1.1 255.255.255.0
ip nat outside
ip virtual-reassembly
clock rate 2000000
!
!
ip route 172.26.0.0 255.255.0.0 192.168.241.2
!
!ip nat inside source static 172.26.0.1 172.109.31.1
ip nat outside source static 1.1.1.2 192.168.241.128
!
08-26-2010 09:27 AM
Hello,
Please try using "NAT Virtual Router" feature and see if that helps.
interface FastEthernet0/0
ip address 192.168.241.1 255.255.255.0
no ip nat inside
ip nat enable
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/0
ip address 1.1.1.1 255.255.255.0
no ip nat outside
ip nat enable
ip virtual-reassembly
clock rate 2000000
Once you configure "ip nat enable" under both interfaces, remove and reapply the NAT rules.
Hope this helps.
Regards,
NT
08-26-2010 10:50 AM
Hi,
I think for NVI, the regular NAT rule won't work. Because in NVI there is no concept of inside and outside network, you need to remove the inside/outside from your NAT rule.
I think your problem is there is no route for the return traffic. Try adding a static route for 192.168.241.128, pointing to s0/0, and see if that helps.
Regards,
Lei Tian
08-27-2010 05:36 AM
Folks,
Many thanks for the replies... tried both.
The NVI did not help, but putting a static host route into the config achieved the desired result.
Interestingly, there is also an option to do this on the outside source static command: add-route
I stumbled over this by accident when trying out the suggestions.
cheers
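Added example, not part of any post in this thread: a small Python model of why the host route fixes the return path, using the addresses from the posted config. It assumes the IOS order of operations for traffic arriving on a NAT inside interface (route lookup first, then translation); the function and variable names are made up for illustration.

```python
import ipaddress

# Routing table taken from the posted config (connected networks + static route).
BASE_ROUTES = [
    ("192.168.241.0/24", "FastEthernet0/0"),  # connected, ip nat inside
    ("1.1.1.0/24", "Serial0/0"),              # connected, ip nat outside
    ("172.26.0.0/16", "FastEthernet0/0"),     # static via 192.168.241.2
]
NAT_ROLE = {"FastEthernet0/0": "inside", "Serial0/0": "outside"}
OUTSIDE_SRC = {"192.168.241.128": "1.1.1.2"}  # outside local -> outside global
INSIDE_SRC = {"172.26.0.1": "172.109.31.1"}   # inside local -> inside global

# Host route for the outside local address, as suggested in the thread.
HOST_ROUTE = ("192.168.241.128/32", "Serial0/0")


def lookup(routes, dst):
    """Longest-prefix match; returns the egress interface or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, ifname in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None


def forward_reply(routes, src="172.26.0.1", dst="192.168.241.128"):
    """Echo reply arriving on the inside interface: route first, then NAT.

    Returns (egress interface, src after NAT, dst after NAT, translated?).
    """
    egress = lookup(routes, dst)
    if NAT_ROLE.get(egress) != "outside":
        # The packet never crosses inside -> outside, so it is not translated.
        return egress, src, dst, False
    return egress, INSIDE_SRC.get(src, src), OUTSIDE_SRC.get(dst, dst), True


if __name__ == "__main__":
    # Without the host route, 192.168.241.128 matches the connected /24 on Fa0/0.
    print("before:", forward_reply(BASE_ROUTES))
    # With it, the /32 wins and the reply leaves Serial0/0, translated.
    print("after: ", forward_reply(BASE_ROUTES + [HOST_ROUTE]))
```

The outside local address 192.168.241.128 sits inside the subnet connected to FastEthernet0/0, so without a more specific route the reply is sent back toward the inside interface and is never translated.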