Re: NAT problem

glenner003 · ‎06-14-2002

Hello,

I have a problem with a Cisco 826 router and nat.

Until now, we had the following network:

INTERNET

|

FLOWPOINT ROUTER : External IP 217.136.183.122

| Internal IP 192.9.100.1

|

MULTITECH ROUTER : External IP 192.9.100.2

| Internal IP 192.8.100.1

|

+--- Mail server IP 192.8.100.3

|

+--- Web/FTP server IP 192.8.100.19

|

INTERNAL NETWORK

This is working just fine.

We intend to replace the first router (FLOWPIONT wich we rent from our provider)

with the cisco 826.

Our provider has configured it for us and it seemes al just fine, but our servers

can't be reached from the internet anymore.

I guess the problem lies in the combination of the routers

Here is the configuration overview:

+++++ Begin overview +++++

Router#show running-config

Building configuration...

Current configuration : 3929 bytes

!

version 12.2

no parser cache

no service single-slot-reload-enable

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname Router

!

logging rate-limit console 10 except errors

enable secret 5 $1$i3.K$0dB.wr5I4XWlo5Va8TL8c/

!

username Dataction password 7 06255A25594A203007

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip subnet-zero

no ip domain-lookup

--More-- !

no ip dhcp-client network-discovery

lcp max-session-starts 0

!

interface Ethernet0

description *** connected to the LAN ***

ip address 192.9.100.1 255.255.255.0

ip nat inside

hold-queue 100 out

!

interface ATM0

description *** ADSL Office to Skynet (053810938) ***5

ip address 217.136.183.122 255.255.255.0

ip nat outside

no atm ilmi-keepalive

pvc 0/35

protocol ip 217.136.183.1 broadcast

encapsulation aal5snap

!

ip nat pool buiten 217.136.183.122 217.136.183.122 netmask 255.255.255.0

--More-- ip nat inside source list 7 pool buiten overload

ip nat inside source static udp 192.9.100.2 53 217.136.183.122 53 extendable

ip nat inside source static tcp 192.9.100.2 53 217.136.183.122 53 extendable

ip nat inside source static tcp 192.9.100.2 220 217.136.183.122 220 extendable

ip nat inside source static tcp 192.9.100.2 143 217.136.183.122 143 extendable

ip nat inside source static tcp 192.9.100.2 110 217.136.183.122 110 extendable

ip nat inside source static tcp 192.9.100.2 25 217.136.183.122 25 extendable

ip nat inside source static tcp 192.9.100.3 21 217.136.183.122 21 extendable

ip nat inside source static tcp 192.9.100.3 20 217.136.183.122 20 extendable

ip nat inside source static tcp 192.9.100.3 80 217.136.183.122 80 extendable

ip classless

ip route 0.0.0.0 0.0.0.0 217.136.183.1

no ip http server

!

access-list 1 permit 195.238.2.0 0.0.0.255

access-list 1 permit 192.9.100.0 0.0.0.255

--More-- access-list 7 permit 192.9.100.0 0.0.0.255

banner motd ^CCCCCCCC

******************************************************************************

^C

!

line con 0

exec-timeout 120 0

stopbits 1

line vty 0 4

access-class 1 in

exec-timeout 0 0

login local

!

scheduler max-task-time 5000

end

+++++ End Overview +++++

Kind regards

Glenn Volckaert

osam · ‎06-17-2002

How many service providers do you have?

As far as I understand it, you are doing two different nattings, stage (1) on the MULTITECH, and then stage 2 is on the 826, am I right?

What is "192.9.100.3" IP address? Where does it reside?

glenner003 · ‎06-24-2002

Hi, I'm sorry to reply so late, but I wasn't in the office for a while.

We are using 1 ISP. The 192.9.100.3 address is used by the multitech router in its NAT configuration.

The same configuration is been working for quit a while with an other router, so it should be OK.

Thanks for your reply.

Kind regards

Glenn Volckaert