Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Problem with NAT.

I have a problem in a router c2811.

This router has an Isdn access to a central site using a Bri interface (wic-1b-s/t-v3).

The router has the following IOS: c2800nm-spservicesk9-mz.123-8.T8.bin.

This same router has an Internet access using an Adsl interface and at same time has an Isdn access to a customer, a client. Behind this router I have a firewall, an ASA5520.

The configuration can be seen in one file attached to this.

The problem is like this,

In the ASA, the traffic that goes to the outside is nated with the ip address of the outside interface.

In the router, the traffic that goes to the internet are not nated, but the traffic to the customer has to be nated (the client asked to be like this) with the ip address of the Isdn connection.

If I make a connection test (a “ping”) to the client internal network, from the ASA. I have no success. But if I do the same test in the router (with source in the internal interface of the router) I have success.

What I can see is that the packets are coming from the ASA and are going to the router internal interface. In the router they are nated and then are sent to the bri interface.

They are then sanded to the client internal network.

The replay to the “ping” is then sanded to my router (c2811), and I can still see this coming to my Bri interface.

The traffic, I mean, the destination ip address of the traffic is then translated to the ip address of the outside interface of the ASA…

This last thing should be happening, but it's not.

Almost the times I don't succeed in “pinging” the internal network of the client.

What I have in the ASA is:

ping outside repeat 15

Type escape sequence to abort.

Sending 15, 100-byte ICMP Echos to, timeout is 2 seconds:


Success rate is 6 percent (1/15), round-trip min/avg/max = 310/310/310 ms

In the router I have this:

*Feb 3 22:58:13.044: %SEC-6-IPACCESSLOGDP: list 113 permitted icmp -> (0/0), 12 packets

*Feb 3 22:58:13.044: %SEC-6-IPACCESSLOGDP: list 114 permitted icmp -> (8/0), 15 packets

*Feb 3 22:58:13.044: %SEC-6-IPACCESSLOGDP: list 115 permitted icmp -> (0/0), 1 packet

In the ASA I have this routing:

route outside 1

route outside 1

Can some one help me?

I can not antherstand what is appening.

Thanks in advance,


New Member

Re: Problem with NAT.

Your issue is a bit confusing but if I understand correctly, when you ping through the ASA to the network connected via ISDN to corp you are referring to the "client internal network" in your post and that is what's not working...

If so, I think the problem is with your natting in general.

If you want to nat to some destinations and not others you should make your nat rule more specific..

Something like this

interface fast 0/0

ip nat inside

int dialer 1

ip nat outside

ip nat inside source list 101

access-list 101 permit ip (source ip of firewall destination)[because you're natting all traffic to this address coming out of the firewall right?] (customer)network

access-list 101 deny ip any any

This last statement says don't nat anything else....

that should work.