12-07-2005 02:08 AM - edited 03-03-2019 01:02 AM
Hi.
We need to configure double NAT on a router, to mask inside hosts to the outside
and vice versa, but it doesn't work.
If we perform NAT in only one direction, everything works properly.
Situation is:
10.188.12.0/24----Router-----10.188.31.0/24------RouterNAT-----10.0.43.224/20------Router-----10.1.2.123
We need real host 10.188.12.100 to connect to real host 10.1.2.123 using
source NATted IP 10.0.43.226 and destination NATted IP 10.188.31.123.
This is the show run:
interface FastEthernet0/0
 ip address 10.0.43.238 255.255.255.240
 ip nat inside
!
interface FastEthernet0/1
 ip address 10.188.31.1 255.255.255.0
 ip nat outside
!
ip nat pool CAD 10.0.43.226 10.0.43.237 netmask 255.255.255.240
ip nat inside source static 10.1.2.123 10.188.31.123
ip nat outside source list 1 pool CAD
ip classless
ip route 0.0.0.0 0.0.0.0 10.0.43.225
ip route 10.188.0.0 255.255.224.0 10.188.31.10
!
access-list 1 permit 10.188.12.0 0.0.0.255
I've sniffed packets on the destination, and three packets arrive there when I try to establish a telnet session:
1) src 10.0.43.226 --> dst 10.1.2.123 SYN
2) src 10.1.2.123 --> dst 10.0.43.226 SYN ACK
3) src 10.0.43.226 --> dst 10.1.2.123 RST
NAT seems to work properly, but I don't understand why the sender resets the connection.
Thanks
Daniele
12-12-2005 02:44 PM
To mask the outside address to the inside network, use the "ip nat outside source" command and map the outside address to any private address. This will map the outside public address to the inside private network.
Since you want your outside global address to be 10.188.31.123, use the following cmd: ip nat outside source "outside global address (use the respective IP address)" 10.188.31.123. This will mask the public IP address from the private network while packets arrive from global to local.
12-13-2005 06:56 AM
Yes, I've configured the router in this way...
ip nat outside source to mask the outside address to inside hosts, and ip nat inside source static to permit the external machine to access inside machines with a NATted IP...
but it doesn't work. It seems to mask the addresses properly, but when I try to establish a TCP connection, it resets immediately...
I've sniffed traffic on the destination server; this is what arrives there:
1) SYN
2) ACK
3) RST
I don't understand....
12-13-2005 11:15 AM
Here is a real good link to help understand the inside outside source issue.
Always make sure you have the proper routing. I have noticed sometimes a default route will not work.
http://www.cisco.com/en/US/customer/tech/tk648/tk361/technologies_tech_note09186a0080094837.shtml
Rate if it helps.
Thanks
Mike
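The routing check suggested in the reply above, as an added example that is not part of any post in this thread and is not Cisco code: this Python script does a longest-prefix lookup over the interfaces and static routes from the posted show run and reports which interface, and which NAT role, each real and translated address resolves to. The helper names `parse` and `lookup` are hypothetical, and only connected and static routes are modelled.

```python
import ipaddress

# Interface and route lines copied from the "show run" in the first post.
CONFIG = """\
interface FastEthernet0/0
 ip address 10.0.43.238 255.255.255.240
 ip nat inside
interface FastEthernet0/1
 ip address 10.188.31.1 255.255.255.0
 ip nat outside
ip route 0.0.0.0 0.0.0.0 10.0.43.225
ip route 10.188.0.0 255.255.224.0 10.188.31.10
"""

def parse(config):
    """Return (connected, static): [[network, ifname, nat_role]], [(network, next_hop)]."""
    connected, static, ifname = [], [], None
    for line in config.splitlines():
        w = line.split()
        if w[:1] == ["interface"]:
            ifname = w[1]
        elif w[:2] == ["ip", "address"]:
            net = ipaddress.ip_interface(f"{w[2]}/{w[3]}").network
            connected.append([net, ifname, None])
        elif w[:2] == ["ip", "nat"] and len(w) == 3:
            connected[-1][2] = w[2]          # "inside" or "outside"
        elif w[:2] == ["ip", "route"]:
            static.append((ipaddress.ip_network(f"{w[2]}/{w[3]}"),
                           ipaddress.ip_address(w[4])))
    return connected, static

def lookup(addr, connected, static):
    """Longest-prefix match; a static route is resolved via its next hop."""
    addr = ipaddress.ip_address(addr)
    routes = [(n, (i, r), "connected") for n, i, r in connected]
    routes += [(n, hop, "static") for n, hop in static]
    best = max((r for r in routes if addr in r[0]), key=lambda r: r[0].prefixlen)
    if best[2] == "static":
        ifname, role = next((i, r) for n, i, r in connected if best[1] in n)
        return ifname, role, f"{best[0]} via {best[1]}"
    return best[1][0], best[1][1], f"{best[0]} connected"

if __name__ == "__main__":
    connected, static = parse(CONFIG)
    for label, ip in [("real source", "10.188.12.100"),
                      ("real destination", "10.1.2.123"),
                      ("pool CAD address", "10.0.43.226"),
                      ("static NAT address", "10.188.31.123")]:
        print(f"{label:20} {ip:15} -> {lookup(ip, connected, static)}")
```

For this config the pool address 10.0.43.226 resolves to the connected subnet on FastEthernet0/0, the `ip nat inside` interface, while the real source 10.188.12.100 resolves via 10.188.31.10 on FastEthernet0/1.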