08-26-2010 08:52 AM - edited 03-04-2019 09:33 AM
Have an issue trying to get IOS to NAT both src and dst addresses.
It looks like traffic is being NAT'ed OK going from outside to in, and I can see a response packet coming into the inside interface on the NAT router, but it gets lost and never makes it back through the outside interface.
When I ping from 1.1.1.2 to 172.109.31.1 there is no reply, but NAT seems to be working - only 1 way though.
debug ip nat
*Mar 1 00:31:50.231: NAT*: o: icmp (1.1.1.2, 11) -> (172.109.31.1, 11) [55]
*Mar 1 00:31:50.235: NAT*: o: icmp (1.1.1.2, 11) -> (172.109.31.1, 11) [55]
*Mar 1 00:31:50.235: NAT*: s=1.1.1.2->192.168.241.128, d=172.109.31.1 [55]
*Mar 1 00:31:50.239: NAT*: s=192.168.241.128, d=172.109.31.1->172.26.0.1 [55]
I feel I am missing something obvious.
All assistance appreciated.
test topology:
test rtr-------------outside---NATrtr----inside---------test target 172.26.0.1
cfg extract shown
interface FastEthernet0/0
 ip address 192.168.241.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 1.1.1.1 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 clock rate 2000000
!
!
ip route 172.26.0.0 255.255.0.0 192.168.241.2
!
!ip nat inside source static 172.26.0.1 172.109.31.1
ip nat outside source static 1.1.1.2 192.168.241.128
!
08-26-2010 09:27 AM
Hello,
Please try using "NAT Virtual Router" feature and see if that helps.
interface FastEthernet0/0
 ip address 192.168.241.1 255.255.255.0
 no ip nat inside
 ip nat enable
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 1.1.1.1 255.255.255.0
 no ip nat outside
 ip nat enable
 ip virtual-reassembly
 clock rate 2000000
Once you configure "ip nat enable" under both interfaces, remove and reapply the NAT rules.
Hope this helps.
Regards,
NT
08-26-2010 10:50 AM
Hi,
I think for NVI, the regular NAT rule won't work. Because in NVI there is no concept of inside and outside network, you need to remove the inside/outside from your NAT rule.
I think your problem is that there is no route for the return traffic. Try adding a static route for 192.168.241.128, pointing to s0/0, and see if that helps.
Regards,
Lei Tian
08-27-2010 05:36 AM
Folks,
Many thanks for the replies... tried both.
The NVI did not help, but putting a static host route into the config achieved the desired result.
Interestingly, there is also an option to do this on the outside source static command: add-route
I stumbled over this by accident when trying out the suggestions.
Cheers
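The behaviour resolved in this thread, as an added example that is not part of any post: a small Python model of the IOS NAT order of operations (outside-to-inside translates before routing; inside-to-outside routes first and translates only when the egress interface is the NAT outside one). Addresses and routes are taken from the posted config; the function names, the simplified lookup and the host route's Serial0/0 target (as suggested in the reply above) are assumptions of this sketch.

```python
import ipaddress

# Constructed model of the thread's NAT router; addresses come from the posted config.
OUTSIDE_STATIC = {"1.1.1.2": "192.168.241.128"}   # ip nat outside source static (global -> local)
INSIDE_STATIC = {"172.26.0.1": "172.109.31.1"}    # ip nat inside source static (local -> global)
NAT_SIDE = {"FastEthernet0/0": "inside", "Serial0/0": "outside"}
BASE_ROUTES = [
    ("192.168.241.0/24", "FastEthernet0/0"),  # connected
    ("1.1.1.0/24", "Serial0/0"),              # connected
    ("172.26.0.0/16", "FastEthernet0/0"),     # ip route 172.26.0.0 255.255.0.0 192.168.241.2
]
HOST_ROUTE = ("192.168.241.128/32", "Serial0/0")  # assumed form of the host route that fixed it

def lookup(routes, dst):
    """Longest-prefix match; returns the egress interface or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), i) for p, i in routes if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def outside_to_inside(routes, src, dst):
    """Packet arriving on the outside interface: NAT first, then routing."""
    src = OUTSIDE_STATIC.get(src, src)
    dst = {g: l for l, g in INSIDE_STATIC.items()}.get(dst, dst)
    return src, dst, lookup(routes, dst)

def inside_to_outside(routes, src, dst):
    """Packet arriving on the inside interface: routing first, NAT only if egress is outside."""
    egress = lookup(routes, dst)
    if NAT_SIDE.get(egress) != "outside":
        return src, dst, egress, False        # never reaches the outside interface, never untranslated
    src = INSIDE_STATIC.get(src, src)
    dst = {l: g for g, l in OUTSIDE_STATIC.items()}.get(dst, dst)
    return src, dst, egress, True

def ping(routes):
    """Echo request from 1.1.1.2 to 172.109.31.1, then the target's reply to the translated source."""
    req = outside_to_inside(routes, "1.1.1.2", "172.109.31.1")
    reply = inside_to_outside(routes, req[1], req[0])
    return req, reply

if __name__ == "__main__":
    for label, routes in (("as posted", BASE_ROUTES), ("with host route", BASE_ROUTES + [HOST_ROUTE])):
        req, reply = ping(routes)
        print(f"{label}: request={req} reply={reply}")
```

With the routes as posted, the reply to 192.168.241.128 matches the connected 192.168.241.0/24 on FastEthernet0/0, so it is never translated back; the /32 route moves the lookup to Serial0/0 and the reverse translation applies.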