Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
419
Views
0
Helpful
2
Replies

Problems with NATing

ingemar.jacob
Level 1
Level 1

‎10-06-2010 10:59 AM - edited ‎03-06-2019 01:21 PM

Hello,

in our company we have a Cisco 1802 installed and need to use NAT.

During a configuration change for one of our customers we needed to change the inside and outside NAT interfaces.

The configuration worked fine until we have to make a change for our new video communication device.

Here are some snippets of the router configuration:

interface fast 0 (connected to the internet)

ip address 51.52.53.54 255.255.255.248

ip nat inside (we can't change this, because it's needed for another config)


interface vlan1 (local network)

ip adress 172.16.0.254 255.255.255.0

ip nat outside

The video communication device has the address 172.16.0.250 and should be externaly avaible via 51.52.53.55 so i did the following:

ip nat outside source static 172.16.0.250 51.52.53.55

The default gateway of the VCD is 172.16.0.254

After setting the NAT entry 51.52.53.55 becomes ping-able from the outside but the device isn't reachable by a web browser or another VCD.

Does someone has any ideas?

with kind regards

I. Jacob

Labels:
0 Helpful
2 Replies 2

Raphael Wouters
Cisco Employee
Cisco Employee

‎10-07-2010 01:02 AM

Hi Jacob,

If you do:

ip nat outside source static 172.16.0.250 51.52.53.55

You actually create a rule to tranform the destination IP address of outgoing (in->out) from 51.52.53.55 to 172.16.0.250 -or- translate the source IP address of incoming packets (out->in) the same way.
When you ping 51.52.53.55 I belive it's the router that reply as the packet is being "received" on the router by adding that nat rule. You can confirm by doing "debug ip icmp" on the router if you want. Since no http server is enbaled on the router, you can't access this ip with a browser.
So, what you need here is a static rule to translate the destination ip address of an incoming packet (out->in) from 51.52.53.55 to 172.16.0.250 -or- the source ip address of an outgoing packet (in->out) to 51.52.53.55 to 172.16.0.250. Which the definition of a static inside rule:

ip nat inside source static 172.16.0.250 51.52.53.55
Can you try that and let me know if this worked?

0 Helpful

ingemar.jacob
Level 1
Level 1
In response to Raphael Wouters

‎10-07-2010 03:09 AM

Hello,

thanks for your reply but i solved the problem meanwhile.

i replaced the current entry with this one

ip nat outside source static 172.16.0.250 51.52.53.55 add-route

and it worked for me.

greetings

Jacob

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card