Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

One-to-one NAT not accessible from router

I am using a 3620 IOS 11.3. I have an ethernet interface using NAT (with a one-to-one static map for a mail server). I am not able to telnet to port 25 of the public IP when sourcing from an interface within this router, but I can telnet to the private IP on port 25. From anywhere else I can access the server via the public IP. I tried putting a static route for the public ip to route to the inside to no avail. I am curious to know if there is a resolution to this issue without having to resort to re-configuring the interface to a public subnet.

5 REPLIES
mm1
New Member

Re: One-to-one NAT not accessible from router

hi,

does it work if you specify the source ip of the nat outside interface? which source ip do you use to establish the session (as you mentioned a one-to-one mapping)?

martin

New Member

Re: One-to-one NAT not accessible from router

It works if I source from the serial interface to the public IP, but if I source from an ethernet interface, only the private IP responds

mm1
New Member

Re: One-to-one NAT not accessible from router

hi bill,

so it's something like that?

int serial0

ip addr 1.2.3.4 255.255.255.0

ip nat outside

!

int eth0

ip addr 192.168.0.1 255.255.255.0

ip nat inside

!

int eth1

ip addr 192.168.1.1 255.255.255.0

!

ip telnet source-interface serial 0

!

ip nat inside source static 192.168.0.2 1.2.3.5

!

Did I forget some relevant parts? Did you configure the specified ethernet interfaces as parts of the NAT config?

martin

New Member

Re: One-to-one NAT not accessible from router

martin-

here is the config:

!

interface Serial1/0

description - T1 to ATL7500 Int Serial1/0/0/27:0 CID -- 40DHDG517290 (B.S)

ip address 172.16.2.18 255.255.255.252

no ip redirects

no ip directed-broadcast

ip nat outside

!

!

interface FastEthernet0/0.7

description Benjamin Williams

encapsulation isl 7

ip address 192.168.7.1 255.255.255.0

no ip redirects

no ip directed-broadcast

ip nat inside

arp timeout 0

!

!

interface FastEthernet0/0.8

description WLR

encapsulation isl 8

ip address 216.230.65.81 255.255.255.248

no ip redirects

no ip directed-broadcast

ip nat inside

arp timeout 0

!

ip nat inside source static 192.168.7.2 216.230.67.213

The mail server exists at 192.168.7.2...

ATLTowPl#telnet 216.230.67.213 25 /source FastEthernet0/0.8

Trying 216.230.67.213, 25 ...

% Connection timed out; remote host not responding

ATLTowPl#telnet 192.168.7.2 25 /source FastEthernet0/0.8

Trying 192.168.7.2, 25 ... Open

220 bwserv01.walawfirm.com Microsoft ESMTP MAIL Service, Version: 5.0.2195.4453 ready at Tue, 5 Mar 2002 10:38:46 -0500

quit

221 2.0.0 bwserv01.walawfirm.com Service closing transmission channel

[Connection to 192.168.7.2 closed by foreign host]

ATLTowPl#telnet 216.230.67.213 25 /source Serial1/0

Trying 216.230.67.213, 25 ... Open

220 bwserv01.walawfirm.com Microsoft ESMTP MAIL Service, Version: 5.0.2195.4453 ready at Tue, 5 Mar 2002 10:40:30 -0500

quit

221 2.0.0 bwserv01.walawfirm.com Service closing transmission channel

[Connection to 216.230.67.213 closed by foreign host]

ATLTowPl#

I tried a static route (ip route 216.230.67.213 255.255.255.255 192.168.7.2)...but that didn't work

Thanks-

Bill

mm1
New Member

Re: One-to-one NAT not accessible from router

hi,

it should work if you configure the fa0/0.8 as a nat outside interface.

martin

217
Views
0
Helpful
5
Replies
CreatePlease to create content