Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Static or nat from outside to inside -- Not working

I am trying to set up static translation from out side to inside. I couldn't get across. Debug shows incrementing untranslate_hits . Seen few discussion for this topic but no resolution any where. THanks for your help. Attaching config for reference.

interface Ethernet0/0

shutdown

no nameif

no security-level

no ip address

!

interface Ethernet0/1

nameif inside

security-level 100

ip address 10.201.8.10 255.255.255.0

!

interface Ethernet0/2

shutdown

no nameif

no security-level

no ip address

!

interface Ethernet0/3

nameif outside

security-level 100

ip address 10.201.66.12 255.255.255.0

!

access-list outside_access_in extended permit tcp any host 10.201.66.20 eq telnet log

static (inside,outside) 10.201.66.20 10.201.8.2 netmask 255.255.255.255

access-group outside_access_in in interface outside

telnet 10.201.8.0 255.255.255.0 inside

Packet tracer output

packet-tracer input outside tcp 10.201.66.1 1025 10.201.66.20 telnet

Phase: 1

Type: FLOW-LOOKUP

Subtype:

Result: ALLOW

Config:

Additional Information:

Found no matching flow, creating a new flow

Phase: 2

Type: UN-NAT

Subtype: static

Result: ALLOW

Config:

static (inside,outside) 10.201.66.20 10.201.8.2 netmask 255.255.255.255

match ip inside host 10.201.8.2 outside any

static translation to 10.201.66.20

translate_hits = 0, untranslate_hits = 7

Additional Information:

NAT divert to egress interface inside

Untranslate 10.201.66.20/0 to 10.201.8.2/0 using netmask 255.255.255.255

Phase: 3

Type: ACCESS-LIST

Subtype:

Result: DROP

Config:

Implicit Rule

Additional Information:

Result:

input-interface: outside

input-status: up

input-line-status: up

output-interface: inside

output-status: up

output-line-status: up

Action: drop

Drop-reason: (acl-drop) Flow is denied by configured rule

2 REPLIES
Cisco Employee

Re: Static or nat from outside to inside -- Not working

Hi,

Your Outside and Inside Interfaces are on same security level.

If you do not have "same-security-traffic permit inter-interface" , this will not work.

*Please rate if helped.

-Kanishka

New Member

Re: Static or nat from outside to inside -- Not working

Wonderfull that made the trick.

130
Views
5
Helpful
2
Replies