11-04-2010 05:13 AM - edited 03-06-2019 01:53 PM
Hello,
I configured a static NAT from the WAN to a private IP (192.168.2.5) on the LAN. I am using a dynamic WAN IP.
interface Vlan1
 ip nat inside
 ip tcp adjust-mss 1398
!
interface Dialer0
 ip nat outside
!
ip nat inside source static 192.168.2.5 interface Dialer0
The problem is that when I do a ping from the router, for example to 8.8.8.8, I don't get an answer.
The Cisco logs show:
ping 8.8.8.8
000232: Nov 4 09:21:59.260 UTC: NAT*: o: icmp (8.8.8.8, 41) -> (IP WAN ROUTER, 41) [49129]
000233: Nov 4 09:21:59.260 UTC: NAT*: o: icmp (8.8.8.8, 41) -> (IP WAN ROUTER, 41) [49129]
000234: Nov 4 09:21:59.260 UTC: NAT*: s=8.8.8.8, d=IP WAN ROUTER->192.168.2.5 [49129]
000235: Nov 4 09:22:01.256 UTC: NAT*: o: icmp (8.8.8.8, 41) -> (IP WAN ROUTER, 41) [49130]
000236: Nov 4 09:22:01.256 UTC: NAT*: s=8.8.8.8, d=IP WAN ROUTER->192.168.2.5 [49130]
...
And from the 192.168.2.5 machine I did a tcpdump:
13:01:18.334255 IP 8.8.8.8 > 192.168.2.5: ICMP echo reply, id 84, seq 0, length 72
13:01:20.330983 IP 8.8.8.8 > 192.168.2.5: ICMP echo reply, id 84, seq 1, length 72
13:01:22.331766 IP 8.8.8.8 > 192.168.2.5: ICMP echo reply, id 84, seq 2, length 72
13:01:24.330629 IP 8.8.8.8 > 192.168.2.5: ICMP echo reply, id 84, seq 3, length 72
13:01:26.332398 IP 8.8.8.8 > 192.168.2.5: ICMP echo reply, id 84, seq 4, length 72
Any ideas?
Sorry for my English.
Thank You!
11-04-2010 12:02 PM
Hi,
This is expected behavior. Because you are configuring static NAT for a single external IP address, that address will be mapped (translated) to the internal address you configured, and all traffic coming from the outside (Internet) will be sent to the internal address.
In order to have Internet connectivity on your router as well, you will need to use dynamic overloaded NAT (PAT), which assigns a port for each connection and does not make a 1:1 translation as static NAT does. However, in that case you will need to forward ports to your server if you would like them to be accessible from the Internet.
Here's an example for overloaded NAT:
access-list 1 permit 192.168.2.0 0.0.0.255
!
ip nat inside source list 1 interface Dialer0 overload
For more information about NAT, visit the following links:
How NAT Works
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094831.shtml
Configuring Network Address Translation: Getting Started
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml
Andras
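The behaviour described in the answer above, as an added illustration that is not part of the original post and is not Cisco's code: a simplified Python model of the outside-to-inside NAT lookup, showing why the reply to the router's own ping (ICMP id 41 in the debug log) lands on 192.168.2.5 under the static mapping but reaches the router under PAT. The WAN address 203.0.113.10 and the TCP 443 port forward are assumptions; the thread gives neither.

```python
# Simplified model of the router's outside-to-inside NAT lookup (not IOS code).
from typing import NamedTuple

WAN_IP = "203.0.113.10"    # constructed stand-in for the dynamic Dialer0 address
FIREWALL = "192.168.2.5"   # inside host from the thread


class Packet(NamedTuple):
    src: str
    dst: str
    proto: str   # "icmp", "tcp" or "udp"
    port: int    # destination port, or the ICMP identifier for icmp


class Nat:
    def __init__(self, static_host=None, port_forwards=None):
        self.static_host = static_host             # 1:1 mapping of the whole WAN IP
        self.port_forwards = port_forwards or {}   # (proto, port) -> inside host
        self.dynamic = {}                          # PAT entries created by inside hosts

    def outbound(self, inside_host, proto, port):
        """An inside host opens a flow; PAT remembers which host owns it."""
        self.dynamic[(proto, port)] = inside_host

    def inbound(self, pkt):
        """Return who receives a packet arriving on the outside interface."""
        if pkt.dst != WAN_IP:
            return None                            # not addressed to this router
        if self.static_host:
            return self.static_host                # every packet matches the 1:1 entry
        key = (pkt.proto, pkt.port)
        host = self.port_forwards.get(key) or self.dynamic.get(key)
        return host or "router"                    # no entry: delivered to the router


def router_ping_reply(nat):
    """Echo reply to a ping the router itself sent (ICMP id 41, as in the debug log)."""
    return nat.inbound(Packet("8.8.8.8", WAN_IP, "icmp", 41))


static_nat = Nat(static_host=FIREWALL)
# Forwarding TCP 443 is an assumed example; the thread names no ports.
pat = Nat(port_forwards={("tcp", 443): FIREWALL})

if __name__ == "__main__":
    print("static NAT, router's ping reply goes to:", router_ping_reply(static_nat))
    print("PAT, router's ping reply goes to:", router_ping_reply(pat))
    print("PAT, inbound tcp/443 goes to:",
          pat.inbound(Packet("198.51.100.7", WAN_IP, "tcp", 443)))
```

Under PAT, only the forwarded ports and flows opened from the inside reach 192.168.2.5, so every service the firewall must expose needs its own forward entry.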
11-05-2010 04:57 AM
Hello,
First, thanks for answering my question.
I can't understand that a ZyXEL can do a static NAT against a firewall and at the same time answer DynDNS requests,
and yet the Cisco cannot perform a ping. The problem is that the machine with IP 192.168.2.5 is a firewall, and all traffic must be redirected to the firewall.
This whole thing is because, having a dynamic IP, I have configured DynDNS on the Cisco. But of course, all traffic is going to 192.168.2.5.
I have also tried other DynDNS clients for Debian, such as ddclient and IPCheck. But the firewall has two gateways, and it only updates the IP that has the default gateway.
Thanks.
Regards.