I have a 2901 router and I am getting the strangest ping results from a NATed IP address on my DMZ. I am about at my wit's end and would appreciate any help.
Pinging 192.168.12.140 with 32 bytes of data:
Reply from 22.214.171.124: bytes=32 time=1ms TTL=126
Reply from 126.96.36.199: bytes=32 time=1ms TTL=126
Reply from 188.8.131.52: bytes=32 time=1ms TTL=126
Reply from 184.108.40.206: bytes=32 time=1ms TTL=126

Ping statistics for 192.168.12.140:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 1ms, Average = 1ms
I have a
Relevant config from 2901 router:
 ip address 192.168.254.2 255.255.255.248
 ip nat outside
 ip virtual-reassembly in
 no ip route-cache

interface GigabitEthernet0/1.12
 description Primary DMZ
 encapsulation dot1Q 12
 ip address 192.168.12.1 255.255.255.0
 ip nat inside
 ip inspect Inspect_1 in
 ip inspect Inspect_1 out
 ip virtual-reassembly in
 no ip route-cache

interface GigabitEthernet0/1.66
 description Public
 encapsulation dot1Q 66
 ip address 220.127.116.11 255.255.255.240
 ip access-group Public_Access in
 ip inspect Inspect_1 in
 ip inspect Inspect_1 out
 ip virtual-reassembly in
 no ip route-cache

ip nat inside source static 192.168.12.140 18.104.22.168
This behaviour is correct following your configuration.
You have declared interface GigabitEthernet0/1.12 "NAT inside" and the interface Vlan254 "NAT outside".
If you send a ping from 192.168.1.x to 192.168.12.140, the reply enters the 2901 from the "INSIDE" and exits through the "OUTSIDE". This causes the router to apply the rule "ip nat inside source static 192.168.12.140 22.214.171.124", and this is the IP that you see in your console; it's correct.
Maybe the correct configuration for your scenario (I don't know what you want to do with it) is to declare the interface GigabitEthernet0/1.12 as "NAT Outside", not the interface vlan 254.
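
The translation decision described in the answer above, as an added example that is not part of the original thread and not Cisco's implementation. It is a simplified model of static inside-source NAT; it assumes the pinging host (192.168.1.10, a constructed stand-in for 192.168.1.x) reaches the router through Vlan254, and it uses the rule as quoted in the answer.

```python
from dataclasses import dataclass, replace

# Simplified model (assumption): a static "ip nat inside source" entry is only
# applied when a packet crosses between a "nat inside" and a "nat outside"
# interface. inside -> outside rewrites the source (local -> global);
# outside -> inside rewrites the destination (global -> local).
STATIC = {"192.168.12.140": "22.214.171.124"}   # rule as quoted in the answer
REVERSE = {g: l for l, g in STATIC.items()}

DMZ_IF, CLIENT_IF = "GigabitEthernet0/1.12", "Vlan254"
POSTED = {DMZ_IF: "inside", CLIENT_IF: "outside"}      # roles as posted
SUGGESTED = {DMZ_IF: "outside", CLIENT_IF: None}       # roles the answer proposes

CLIENT = "192.168.1.10"   # constructed host standing in for 192.168.1.x
SERVER = "192.168.12.140"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


def forward(pkt, in_if, out_if, roles):
    """Return the packet as it leaves out_if under the given NAT roles."""
    crossing = (roles.get(in_if), roles.get(out_if))
    if crossing == ("inside", "outside") and pkt.src in STATIC:
        return replace(pkt, src=STATIC[pkt.src])
    if crossing == ("outside", "inside") and pkt.dst in REVERSE:
        return replace(pkt, dst=REVERSE[pkt.dst])
    return pkt   # no inside/outside crossing, or no matching static entry


def ping_reply_source(roles):
    """Source address the client sees on the echo reply."""
    # Echo request: client -> server, addressed to the inside local address,
    # so nothing matches and the packet reaches the server untranslated.
    request = forward(Packet(CLIENT, SERVER), CLIENT_IF, DMZ_IF, roles)
    # Echo reply: server -> client, entering on the DMZ subinterface.
    reply = forward(Packet(request.dst, request.src), DMZ_IF, CLIENT_IF, roles)
    return reply.src


if __name__ == "__main__":
    print("posted roles:   ", ping_reply_source(POSTED))
    print("suggested roles:", ping_reply_source(SUGGESTED))
```

With the posted roles the reply leaves with the global address even though the request was sent to the local one, which is the mismatch seen in the ping output.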