NAT outside and inside

dimensyssrl
Level 1

Hi.

We need to configure double NAT on a router, to mask inside hosts to the outside and vice versa, but it doesn't work.

If we perform NAT in only one direction, everything works properly.

Situation is:

10.188.12.0/24----Router-----10.188.31.0/24------RouterNAT-----10.0.43.224/20------Router-----10.1.2.123

We need real host 10.188.12.100 to connect to real host 10.1.2.123 using source NATted IP 10.0.43.226 and destination NATted IP 10.188.31.123.

This is the show run:

interface FastEthernet0/0
 ip address 10.0.43.238 255.255.255.240
 ip nat inside
!
interface FastEthernet0/1
 ip address 10.188.31.1 255.255.255.0
 ip nat outside
!
ip nat pool CAD 10.0.43.226 10.0.43.237 netmask 255.255.255.240
ip nat inside source static 10.1.2.123 10.188.31.123
ip nat outside source list 1 pool CAD
ip classless
ip route 0.0.0.0 0.0.0.0 10.0.43.225
ip route 10.188.0.0 255.255.224.0 10.188.31.10
!
access-list 1 permit 10.188.12.0 0.0.0.255

I've sniffed packets at the destination, and three packets arrive there when I try to establish a telnet session:

1) src 10.0.43.226 --> dst 10.1.2.123 SYN
2) src 10.1.2.123 --> dst 10.0.43.226 SYN ACK
3) src 10.0.43.226 --> dst 10.1.2.123 RST

NAT seems to work properly, but I don't understand why the sender resets the connection.

Thanks

Daniele


thomas.chen
Level 6

To mask the outside address to the inside network, use the "ip nat outside source" command and map the outside address to any private address. This will map the outside public address to the inside private network.

Since you want your outside global outside address to be 10.188.31.123, use the following command: ip nat outside source "outside global address (use the respective IP address)" 10.188.31.123. This will mask the public IP address from the private network while packets arrive from global to local.

Yes, I've configured the router in this way...

ip nat outside source to mask the outside address to inside hosts, and ip nat inside source static to permit the external machine to access inside machines with a NATted IP...

but it doesn't work. It seems to mask the addresses properly, but when I try to establish a TCP connection, it is RESET immediately...

I've sniffed traffic on the destination server, and this is what arrives there:

1) SYN
2) ACK
3) RST

I don't understand....

Here is a real good link to help understand the inside outside source issue.

Always make sure you have the proper routing. I have noticed sometimes a default route will not work.

http://www.cisco.com/en/US/customer/tech/tk648/tk361/technologies_tech_note09186a0080094837.shtml

Rate if it helps.

Thanks

Mike
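
The routing point above, worked through on the posted configuration as an added example that is not part of the thread: a small Python model of this router's translation and routing tables. It assumes the IOS NAT order of operation (outside-to-inside traffic is translated before it is routed, inside-to-outside traffic is routed before it is translated) and that 10.188.12.100 receives the first address of pool CAD, as in the capture; the /32 host route in the last call is hypothetical.

```python
import ipaddress as ip

# Values copied from the posted "show run"; the model itself is an assumption.
ROUTES = [  # (prefix, egress interface)
    ("10.0.43.224/28", "Fa0/0"),  # connected, ip nat inside
    ("10.188.31.0/24", "Fa0/1"),  # connected, ip nat outside
    ("10.188.0.0/19", "Fa0/1"),   # static via 10.188.31.10
    ("0.0.0.0/0", "Fa0/0"),       # default via 10.0.43.225
]
NAT_ROLE = {"Fa0/0": "inside", "Fa0/1": "outside"}
INSIDE = {"10.1.2.123": "10.188.31.123"}    # inside local -> inside global
OUTSIDE = {"10.188.12.100": "10.0.43.226"}  # outside global -> outside local

def route(dst, routes=ROUTES):
    """Longest-prefix match; returns the egress interface."""
    addr = ip.ip_address(dst)
    hits = [(ip.ip_network(p), i) for p, i in routes if addr in ip.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def outside_to_inside(src, dst, routes=ROUTES):
    """Packet arriving on the outside interface: translate, then route."""
    global_to_local = {g: l for l, g in INSIDE.items()}
    src, dst = OUTSIDE.get(src, src), global_to_local.get(dst, dst)
    return src, dst, route(dst, routes)

def inside_to_outside(src, dst, routes=ROUTES):
    """Packet arriving on the inside interface: route first, and translate
    only if the egress interface is marked 'ip nat outside'."""
    egress = route(dst, routes)
    if NAT_ROLE[egress] != "outside":
        return src, dst, egress, False
    local_to_global = {l: g for g, l in OUTSIDE.items()}
    return INSIDE.get(src, src), local_to_global.get(dst, dst), egress, True

if __name__ == "__main__":
    # SYN from the real client to the NATted server address.
    print(outside_to_inside("10.188.12.100", "10.188.31.123"))
    # SYN ACK from the real server back to the pool address.
    print(inside_to_outside("10.1.2.123", "10.0.43.226"))
    # Same reply with a hypothetical host route for the pool address
    # pointing out of the NAT outside interface.
    fixed = ROUTES + [("10.0.43.226/32", "Fa0/1")]
    print(inside_to_outside("10.1.2.123", "10.0.43.226", fixed))
```

In this model the forward SYN comes out exactly as captured on the server (10.0.43.226 to 10.1.2.123), while the reply to 10.0.43.226 matches the connected 10.0.43.224/28 prefix on the inside interface and is never translated back.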
