Re: ios bidirectional nat

hank.latham · ‎04-27-2009

cannot seem to get bidirectional nat working on a 2801 running 12.4.

ip nat inside source static 10.1.1.1 66.170.199.205

With this static nat entry you can get to the inside host at 66.170.199.205, but 10.1.1.1 send traffic source nat'd to 66.170.199.205.

What am I missing?

andrew.prince · ‎04-28-2009

It sounds like it' doing what it should - what do you actually need to do?

hank.latham · ‎04-28-2009

1-1 static nat in both directions. Inbound from the Internet works fine, outbound to the Internet does not.

andrew.prince · ‎04-28-2009

Do you also have any dynamic nat configured ?

hank.latham · ‎04-28-2009

I do, see below. 10.1.2.10 is the culprit, inbound to works fine, outbound from 10.1.2.10 does not.

ip nat inside source list 199 interface

FastEthernet0/0 overload

access-list 199 deny ip host 10.1.2.10 any

access-list 199 permit ip any any

ip nat inside source static 10.1.2.10

andrew.prince · ‎04-28-2009

OK - the config looks OK, what is the output of "show ip nat trans" ?

hank.latham · ‎05-01-2009

Thanks, turned out to be a malformed acl on the router.