Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

NAT Translation Help Needed

I have a customer with the following NAT config...

interface FastEthernet0/0

description LAN connection in

ip address 10.0.0.30 255.255.255.0

ip access-group 101 out

ip nat inside

no ip mroute-cache

interface Serial1/1

description ipdial

ip address 207.143.94.78 255.255.255.252

ip nat outside

no ip mroute-cache

no fair-queue

!

ip nat inside source static 10.0.0.6 209.120.84.3

ip nat inside source static 10.0.0.12 209.120.84.4

...I am able to ping, trace and telnet to the services behind 209.120.84.4.

I am only able to ping 209.120.84.3. I cannot trace or telnet to the mail server behind this address. Any ideas as to why that would be? What can I do to troubleshoot this issue?

Thanks,

Jay

2 REPLIES
Cisco Employee

Re: NAT Translation Help Needed

Try removing the ACL 101 on FastEthernet0/0, see if it works, maybe you are not allowing all ports for 209.120.84.3

If that does not help, do a 'debug packet detail 110'

create a new 110 acess-list as follows, this will only show the debug output destined for 209.120.84.3;

access-list 110 permit ip any host 209.120.84.3

See what the debug says, does the packet for telnet/trace arrive to your router, maybe they never make it to your router?

HTH

R/Yusuf

Community Member

Re: NAT Translation Help Needed

Thanks for the suggestions. I will try them. The current access list look like this...

access-list 101 permit tcp any any eq www

access-list 101 permit ip any any log

Thanks,

Jay

87
Views
0
Helpful
2
Replies
CreatePlease to create content