small problem in NAT

omal
Level 1

Hi

My network is as follows.

R1 via s0 is connected to R3 s1

R2 via s0 is connected to R3 s2

R3 is the NAT border router. R1 is inside with private IPs and R2 is an outside router on the Internet with public IPs

in R1

interface serial 0

ip address 10.10.10.1 255.255.255.0

bandwidth 64

in R3

interface serial 1

ip address 10.10.10.2 255.255.255.0

clock rate 64000

ip nat inside

interface serial 2

ip address 20.20.20.2 255.255.255.0

clock rate 64000

ip nat outside

ip nat inside source static 10.10.10.1 20.20.20.2

in R2

interface serial 0

ip address 20.20.20.1 255.255.255.0

bandwidth 64

The problem that I have is that when I give the command ip nat outside in interface serial 2 in R3, I cannot ping from R2 to R3. But if I remove the command ip nat outside from interface serial 2 in R3, then I can ping from R2 to R3.

Can someone please tell me where have I gone wrong?

Thank you very much!

Omal.

12 Replies

Hello Omal,

as far as I can see, the statement:

ip nat inside source static 10.10.10.1 20.20.20.2

could be the culprit. In the NAT table of R3, the IP address of your serial 2 interface on R3 is translated to 10.10.10.1, hence when you ping 20.20.20.2, your R2 is actually pinging 10.10.10.1.

I would suggest to change the static NAT translation to another IP address from the R1 range, e.g.:

ip nat inside source static 10.10.10.3 20.20.20.2

Don't forget to clear the NAT translation after that:

clear ip nat translation *

HTH,

Georg

Hi Georg

What do you think is the difference between

ip nat inside source static 10.10.10.1 20.20.20.2

AND

ip nat inside source static 10.10.10.3 20.20.20.2

10.10.10.1 is the local IP address and that has to be translated to 20.20.20.2 when it goes out to the Internet as 10.10.10.1 is not routable. Therefore what ever the packet going out of Serial 2 interface of R3 will have the new source address as 20.20.20.2

However the moment I remove the command 'ip nat outside' from Serial 2 interface in R3, I can ping to 20.20.20.2 from R2.

I'll try what you say but I don't know whether or not it will work. Besides, it's not the command 'ip nat inside source static NAT' but the moment you remove 'ip nat outside' from Serial 2 in R3, I can ping from R2 to R3's Serial 2.

Anyway thank you very much for taking time to give me an answer.

Omal

Hello Omal,

enable ip nat debugging on router R3:

debug ip nat

term mon

When you ping 20.20.20.2 from R2's IP address 20.20.20.1, you will see the following:

R3#

00:08:32: NAT*: s=20.20.20.1, d=20.20.20.2->10.10.10.1 [10]

00:08:34: NAT*: s=20.20.20.1, d=20.20.20.2->10.10.10.1 [11]

00:08:36: NAT*: s=20.20.20.1, d=20.20.20.2->10.10.10.1 [12]

00:08:38: NAT*: s=20.20.20.1, d=20.20.20.2->10.10.10.1 [13]

00:08:40: NAT*: s=20.20.20.1, d=20.20.20.2->10.10.10.1 [14]

The destination 20.20.20.2 gets translated to 10.10.10.1 because of the ip nat outside command on R3's serial 2 interface.

HTH,

Georg
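The symptom in the debug output above can be checked mechanically. This is an added example, not part of the original replies: it parses `debug ip nat` lines and reports any router interface address whose inbound destination is rewritten by a translation. The function names and the third sample line are constructed for illustration; the interface addresses are the ones given in the thread.

```python
import re
from ipaddress import ip_address

# Matches lines such as: 00:08:32: NAT*: s=20.20.20.1, d=20.20.20.2->10.10.10.1 [10]
NAT_LINE = re.compile(
    r"NAT\*?: s=(?P<src>[\d.]+)(?:->(?P<src_new>[\d.]+))?, "
    r"d=(?P<dst>[\d.]+)(?:->(?P<dst_new>[\d.]+))? \[(?P<ident>\d+)\]"
)

def parse_nat_debug(text):
    """Return one dict per NAT debug line: src/dst before and after translation."""
    entries = []
    for line in text.splitlines():
        m = NAT_LINE.search(line)
        if m is None:
            continue  # not a NAT debug line
        e = m.groupdict()
        e["ident"] = int(e["ident"])
        entries.append(e)
    return entries

def hijacked_interface_addresses(entries, interface_ips):
    """Map each router interface IP that NAT rewrites as a destination
    to the set of inside addresses the traffic is diverted to."""
    own = {ip_address(a) for a in interface_ips}
    diverted = {}
    for e in entries:
        if e["dst_new"] and ip_address(e["dst"]) in own:
            diverted.setdefault(e["dst"], set()).add(e["dst_new"])
    return diverted

# Two debug lines quoted in the reply above, plus one constructed line
# (ident 20) showing an inside-to-outside source translation for contrast.
SAMPLE = """\
00:08:32: NAT*: s=20.20.20.1, d=20.20.20.2->10.10.10.1 [10]
00:08:34: NAT*: s=20.20.20.1, d=20.20.20.2->10.10.10.1 [11]
00:09:01: NAT*: s=10.10.10.1->20.20.20.2, d=20.20.20.1 [20]
"""

# R3 serial 1 and serial 2 addresses, as configured in the thread.
R3_INTERFACES = ["10.10.10.2", "20.20.20.2"]

if __name__ == "__main__":
    found = hijacked_interface_addresses(parse_nat_debug(SAMPLE), R3_INTERFACES)
    for ip, targets in found.items():
        print(f"{ip} (router interface) is rewritten to {sorted(targets)}")
```
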

Hi Georg

Thank you so much for taking such an effort to give me an answer, I really appreciate it.

Hmmmm, this teaches me something new in NAT. I never thought about this. But Georg do you think me changing the command into

ip nat inside source static 10.10.10.3 20.20.20.2 will work? However I'll try it out when I go to work tomorrow. Then is that the solution for this problem?

by the way what do you mean by HTH? -:)

I have another problem, wish you know the answer for that as well. None of these debug commands work in my routers. Do you think it is the IOS?

Thank you so much!!!

Omal

Hello Omal,

the debug commands are supported starting in IOS version 11.2, remember that the debug commands are issued from the privileged exec command line:

R3#debug ip nat

R3#term mon

HTH - that is short for Hope This Helps, I guess it is used frequently amongst Internet users...another one that you might come across often is AFAIK (as far as I know)...:)

Regards,

Georg

Hi Georg

Many thanks for your quick reply.

My IOS is 12.x I can't remember the exact version, but one thing that I know is, it doesn't have IGRP. I asked that in this forum then someone said from a new IOS it has been removed or something. I don't know whether Cisco has removed debug also.

I will try what you have said tomorrow when I go to work.

Thank you very much for your kind advices especially about those Internet short codes -:)

Would you also mind telling me, what is this command:

R3#term mon

Talking about debug, none of the debugging is working in my routers, I am not sure as to why.

Best regards,

Omal

Hello Omal,

strange that the debug commands are not working. can you post the output of the command:

show version

? The command term mon is short for terminal monitor, it allows you to view the debug output on your terminal. To disable it after you are finished type:

term no mon

Regards,

Georg

Hi Georg

Thank you so much for solving something that I couldn't solve for quite sometime.

It was not actually that the debug command wasn't working; it was that I did not know the term mon command. I didn't know that I had to give that command after the debug command. I just tried that and it worked. Thank you so much Georg.

But I don't have IGRP and that's for sure. Let me post the show version.

Best regards,

Omal

R1#show version

Cisco Internetwork Operating System Software

IOS (tm) 2500 Software (C2500-IS-L), Version 12.2(15)T8, RELEASE SOFTWARE (fc2)

TAC Support: http://www.cisco.com/tac

Copyright (c) 1986-2003 by cisco Systems, Inc.

Compiled Tue 09-Sep-03 23:12 by pwade

Image text-base: 0x0307FFEC, data-base: 0x00001000

ROM: System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE

BOOTLDR: 3000 Bootstrap Software (IGS-RXBOOT), Version 10.2(8a), RELEASE SOFTWARE (fc1)

R1 uptime is 53 minutes

System returned to ROM by power-on

System image file is "flash:/c2500-is-l.122-15.T8.bin"

cisco 2500 (68030) processor (revision D) with 16384K/2048K bytes of memory.

Processor board ID 02368247, with hardware revision 00000000

Bridging software.

X.25 software, Version 3.0.0.

Basic Rate ISDN software, Version 1.1.

1 Ethernet/IEEE 802.3 interface(s)

2 Serial network interface(s)

1 ISDN Basic Rate interface(s)

32K bytes of non-volatile configuration memory.

16384K bytes of processor board System flash (Read ONLY)

Configuration register is 0x2102

Hello Omal,

possibly your IP Plus does not support IGRP. According to the software advisor, any of the IOS releases below support it (not sure if you can load those onto your 2503):

12.2(11)T10

c2500-is-l.12.2-11.T10

12.2(21a)

c2500-is-l.12.2-21a

12.1(5)T17

c2500-is-l.12.1-5.T17

Regards,

Georg

Hi Georg

Thank you so much for taking time to answer my questions. I really appreciate it.

When it comes to NAT, I don't understand as to why do you always config int e 0 as ip nat inside and int s 0 as ip nat outside

Can't it be the other way round, i.e. int e 0 as ip nat outside and int s 0 as ip nat inside?

I also don't understand what exactly the meaning of ip nat inside source static command.

what if we do it as follows:

interface ethernet 0

ip address 10.10.10.1 255.255.255.0

ip nat outside

interface serial 0

ip address 203.115.19.225

ip nat inside

***in this case I have changed ip nat inside & outside interfaces from the normal one that we use****

ip nat outside source static 10.10.10.x 203.115.19.225

Why can't we do it like this?

Please be kind enough to let me know if possible.

Best regards,

Omal.

Hello Georg and Omal,

It looks like the router R1 does not have a route to answer the ping which is translated correctly. If R1 does not have a route for 20.20.20.0/24, it cannot respond to a ping.

Nadine.

Hi Nadine

Yes, I guess you have a point there. Because (I can't remember it now, I'll update it on Monday) if I give a default route in R1, it works I guess. But as I said I can't remember 100% about it, but let me try that out and update you on Monday.

But then there will be another problem. Then how can we check if S2 in R3 is up or not, if we can't ping to that interface's IP address. When we ping, if we don't get a reply, the problem could be somewhere else even. This reminds me of the command 'ip unnumbered'

You can't ping and see if that interface is up or not.

Thanks a lot!

Omal.