Multiple Static NAT on 2811 routers

Unanswered Question
Sep 13th, 2010
User Badges:

Hi guys


I have configured a multiple static NAT  for a firewall (10.100.1.2) using ip nat inside source static on a 2600 router with one ethernet interface as inside and two ethernet interfaces and a serial interface as outside, using the following commands:


ip nat inside source static 10.100.1.2 x.x.x.x extendable (ISP 1)

ip nat inside source static 10.100.1.2 y.y.y.y extendable (ISP 2)

ip nat inside source static 10.100.1.2 z.z.z.z extendable (ISP 3)


int e0/0

ip address 10.100.1.1

ip nat inside


int e0/1

ip address x.x.x.1

ip nat outside


int e1/0

ip address y.y.y.1

ip nat outside


int s0/0

ip address z.z.z.1

ip nat outside


This configuration worked well, but, when we replaced the old 2600 router by a new 2811 router (12.4(24)T), only two of the static NAT (one ethernet and the serial interface) instances are working, we are unable to reach the (y.y.y.y) address, however the router interface on that ISP is still reachable. Are there any bug with the IOS version?, are there another option to configure the new router?


Gonzalo

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Federico Coto F... Tue, 09/14/2010 - 08:46
User Badges:
  • Green, 3000 points or more

Hi,


Not aware of any bug.

Pretty sure it should work.

Are you sure nothing else has changed (besides the hardware replacement) like an ACL or something?


If the IP of that interface is reachable, then we are fine up to that point.

One test that you can do is to create a static route out the interface that is not working...

i.e


ip route 4.2.2.1 255.255.255.255 of non-working interface


Then, from 10.100.1.2 you can try to PING that address.


What should happen is that 10.100.1.2 should be translated correctly to the public IP assigned to that interface and get out to the Internet.


You say the problem is accesing y.y.y.y, let's see if it can get outbound traffic using that IP.


Federico.

g.ayllon Tue, 09/14/2010 - 09:13
User Badges:

Thanks Federico.


No changes were made during the replacement, I have also tried natting over router interface and it works fine, I do not have more free IP addresses to test, but if PAT is working, I think there is no problem with the router nor IOS, I know it sounds a little weird, but it happens, also, I have requested to ISP a test over those links, maybe some problem in their ip assignment or something like that.


I will comment you guy.


Regards. 

Actions

This Discussion

Related Content