Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

C2900 inward NAT semi-success

Hi,

Running C2900-UNIVERSALK8-M, Version 15.0(1)M3 RELEASE SOFTWARE (fc2)

I have several sets of inward NAT defined (51001-51007, 52001-52007. 53001-53007),

all to various internal addresses. When I attempted to add another set, the new ones

do not work and get a "timeout" error.

When I tried port 51008, it gets a timeout.  When I changed 51008 to 51010, the 51010

now gets a timeout, and 51008 now gets "connection refused" (which I expect).

The original sets all work, the new ones (added at the end of the lists) do not.

When I am on any of the internal machines, the target (192.168.1.21) works fine.

When I am "in the router", I can connect via the ssh command, so I know that the

router can talk to 192.168.1.21 on port 22 as expected.

I now have 33 "ip nat inside source static" lines (there were 30 before the new ones):

ip nat inside source list 1 interface GigabitEthernet0/0 overload

and all of the ip nat inside lines are of the form:

ip nat inside source static tcp 192.168.1.x 22 interface GigabitEthernet0/0 51xxx

where the x octet is per machine, the 22 is 22, 443 or 9234 and 51xxx is 51001-51007 or

52001-52007 or 53001-53007 and I have

access-list 1 permit 192.168.1.0 0.0.0.255

Have I overflowed some "default" limit?

The router shows things correctly (see below).

Cheers,

  --ldl

> show ip nat translations

Pro Inside global      Inside local        Outside local      Outside global

tcp 76.113.46.9:51010  192.168.1.21:22     ---                ---

tcp 76.113.46.9:52010  192.168.1.21:443    ---                ---

tcp 76.113.46.9:53010  192.168.1.21:9234   ---                ---

...

tcp 76.113.46.9:51007  192.168.1.21:22     ---                ---

tcp 76.113.46.9:52007  192.168.1.21:443    ---                ---

tcp 76.113.46.9:53007  192.168.1.21:9234   ---                ---

Everyone's tags (1)
295
Views
0
Helpful
0
Replies
CreatePlease to create content