02-05-2010 04:33 PM - edited 03-06-2019 09:36 AM
After two days I am still having trouble figuring out what I am missing here.
I have all users using dynamic NAT (PAT) to access the internet except now it is time to give one user a public IP address in order to run a server.
When I add the static NAT, the user can surf the net, but there is no access to the server from the outside interface.
It appears that packets from the outside are being translated to the inside address, but the server does not respond.
I hope someone can save me from spending another few days on this
The following portions of the config are from my test setup.
version 12.3
ip subnet-zero
no ip source-route
!
interface Ethernet0
description LAN Interface
ip address 192.168.10.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
no cdp enable
!
interface Ethernet1
description WAN Interface
ip address 192.168.199.10 255.255.255.0
ip access-group 103 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
duplex auto
no cdp enable
!
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet1 192.168.199.1
!
ip nat inside source list 102 interface Ethernet1 overload
ip nat inside source static 192.168.10.45 192.168.199.12 extendable
!
access-list 102 remark LAN Filter
access-list 102 deny ip host 192.168.10.45 any
access-list 102 permit ip 192.168.10.0 0.0.0.255 any
access-list 102 permit ip 172.16.20.0 0.0.3.255 any
access-list 102 permit ip 192.168.199.0 0.0.0.255 any
access-list 102 deny ip any any
!
access-list 103 remark WAN Filter
access-list 103 deny icmp any any redirect
access-list 103 deny ip host 255.255.255.255 any
access-list 103 deny ip 127.0.0.0 0.255.255.255 any
access-list 103 deny ip 10.0.0.0 0.255.255.255 any
access-list 103 deny ip 172.16.0.0 0.15.255.255 any
access-list 103 permit ip 192.168.199.0 0.0.0.255 any
access-list 103 deny ip 192.168.0.0 0.0.255.255 any
access-list 103 permit ip any any
access-list 103 deny ip any any
Solved! Go to Solution.
02-05-2010 05:11 PM
Does the server have the correct default gateway?
Trying running a continuous ping to the outside network from the server, then "show ip nat trans | inc 192.168.10.45"
02-05-2010 05:11 PM
Does the server have the correct default gateway?
Trying running a continuous ping to the outside network from the server, then "show ip nat trans | inc 192.168.10.45"
02-05-2010 06:27 PM
I can't believe how dumb I can be sometimes
My "test server" was the web page from a cheap dlink router. The dumb part was setting the "server IP" on the LAN side instead of the WAN side.
I could access the web page from the local subnet but not through the router. I had just done a wireshark capture at the server and was puzzling over why the server was issuing an unanswered arp request when I spotted your post.
You get full credit for asking about the default gateway first thing :)
Thank you, now I can go home.
Bob.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: