NAT problem on Cat6500.

syancy · ‎03-15-2004

I have been asked to set up nat on a Cat6500. Here is what I have configured so far.

interface Vlan101

description Dev LAN uplink

ip address 10.66.40.246 255.255.255.192

ip nat outside

interface Vlan502

description System Connect (0777)

ip address 10.66.36.17 255.255.255.240

ip nat inside

ip nat inside source static 10.1.233.101 10.66.36.20

These settings are on our edge CAT. There is another CAT in between the system and a router beyond that where the system resides.

For example:

++++CAT w/NAT+++++++CAT++++3com router+++system

-> -> -> -> -> -> -> -> -> -> -> *

They have to use that 3com router as it's part of the system.

Here is what I see when I try to ping 10.1.233.101 with debug ip nat on.

28w5d: NAT: s=10.66.36.17, d=10.66.36.20->10.1.233.101 [55]

28w5d: NAT: s=10.66.36.17, d=10.66.36.20->10.1.233.101 [56]

28w5d: NAT: s=10.66.36.17, d=10.66.36.20->10.1.233.101 [57]

28w5d: NAT: s=10.66.36.17, d=10.66.36.20->10.1.233.101 [58]

28w5d: NAT: s=10.66.36.17, d=10.66.36.20->10.1.233.101 [59]

Ping responds to 10.66.36.20 but I do not believe it is from the 10.1.233.101 box. Telnet does not work to this box....Any ideas would be helpful...

skarundi · ‎03-16-2004

According to your config the inside local IP is 10.1.233.101 and the inside global IP is 10.66.36.20. ?? That doesn't make sense based on the IPs defined and the placement of the "ip nat outside" and "ip nat inside" statements.

What is your objective ?

Is your objective as follows:

Anyone on the System Connect LAN trying to connect to an outside device called 10.1.233.101 should use 10.66.36.20 instead. 10.66.36.20 gets translated to 10.1.233.101.

If this is your objective then use the "ip nat outside static 10.1.233.101 10.66.36.20" instead.

Reference:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080093f2f.shtml