Router Static NAT Issue

Unanswered Question
Sep 1st, 2006
User Badges:

Hi,


We hv a network as per attached topology diagram.

Topology:-

Public Segment via Internet Leased Line and Private segment via point to point link between Internet Router and Private Router

Enabled static NAT on Internet router for Private Segment Sever (172.16.2.151) but unable to ping or browse to external world from the Natted Server.

Attaching the config for both the internet router as well as Private router.

Do i need to add any interface level nat commands or it will work.

Pls advise.


regards





  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
vijayasankar Fri, 09/01/2006 - 00:46
User Badges:
  • Silver, 250 points or more

Hi,


Along with the current configuration, You should configure "ip nat inside" ( in the private segment) and "ip nat outside" ( in the ouside segment) as follows.




interface FastEthernet0/0

description Connected to Private Segment

ip address 199.30.1.10 255.255.255.0

ip nat inside

duplex auto

speed 100

!

interface FastEthernet0/1

Connected to Public Segment

ip address 220.227.194.193 255.255.255.248

ip nat outside

duplex auto

speed auto


Only then nat will work.


HTH


-VJ


fmatrine Fri, 09/01/2006 - 01:17
User Badges:

Thanx for the suggestion...

But my private server is in 172.16.2.x network and not 199.x.x.x segment.

Also second ethernet of Internet router is Public IP...once traffic arrives on the internet router from the private segment...won't it get natted statically on the public ip and go out.

Pls advise.


Regards

DB

vijayasankar Fri, 09/01/2006 - 01:27
User Badges:
  • Silver, 250 points or more

In this case you should have the following config.


interface Serial0/0/0

Description Connected to Private_Router

ip address 192.168.165.30 255.255.255.252

ip nat inside


interface Serial0/0/1

Description Connected to Service Provider

ip nat outside



ip nat inside source static 172.16.2.151 220.227.194.197


Traffic from internet destined to the ip 220.227.194.197 will hit the serial interface 0/0/1 of your internet router. Here the nat translation should happend and convert the destination address to 172.16.2.151.


You need to have the "ip nat inside" and "ip nat outside" statements under proper interface to instruct the router how and when to NAT. With out which, your "ip nat inside source static..." command will not take effect at all.


HTH


-VJ


vijayasankar Fri, 09/01/2006 - 01:32
User Badges:
  • Silver, 250 points or more

Hi,


Additional info.


The IP 220.227.194.197 is a part of 220.227.194.192/29 subnet,which is located in the Fastethernet 0/1 of your internet router.

Hence Ensure that this ip 220.227.194.197 is not used by another system in this segment. You should not use this IP, as long as it is used for NAT.


-VJ



Actions

This Discussion