I configured a router to do double NAT (overlapping IP addresses) a while back. Now, suddenly, my users report that they cannot access the server by its NAT'd address. When they traceroute to the NAT'd address, it traces to the router doing the NATting; when I ping/tracert to the router from the server, it works. I cannot ping/traceroute through the NATting router.
I'm looking at the config, and it should be working. The only change that has been made in the past couple of months is that I removed a router from the path, implementing VLANs, but I've modified the routes on the devices between the server and the NATting router, and the tracert works! Arrgh.
Here's the current running-config of the natting router.
Current configuration : 1378 bytes
service timestamps debug uptime
service timestamps log uptime
logging buffered 4096 debugging
no logging console
enable secret xxx
enable password xxx
no ip address
description connected to County Network
ip address 10.90.204.12 255.255.255.128
ip nat outside
description connected to City Network
ip address 10.20.14.100 255.255.0.0
ip nat inside
ip nat pool city 192.168.69.17 192.168.69.22 netmask 255.255.255.248
ip nat inside source list 1 pool city
ip nat outside source static 192.168.5.11 192.168.69.2
ip route 0.0.0.0 0.0.0.0 10.90.204.1
ip route 10.10.0.0 255.255.0.0 10.20.14.31
ip route 10.70.0.0 255.255.0.0 10.20.14.31
ip route 192.168.20.50 255.255.255.255 10.90.204.1
ip route 192.168.69.2 255.255.255.255 Ethernet0
ip route 192.168.69.16 255.255.255.248 FastEthernet0
In such a situation I prefer you use a sniffer (Ethereal) on the inside and outside of the NATting router to see what happens exactly; then you can follow the packet to the destination and find where the wrong point is!
Ethereal is freeware; remember to use filters when capturing.
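The inside/outside comparison suggested in the reply, sketched as an added example (not code from the thread): it matches echo requests seen on the inside against the outside capture and checks them against the NAT statements in the posted config. The one-line summary format, the host 10.20.14.50 and the sample packets are constructed; it assumes that host matches access list 1 (not shown in the config) and that the ICMP id/seq survive translation, since the pool is not overloaded.

```python
import ipaddress

ip = ipaddress.ip_address
# NAT statements copied from the posted running-config.
POOL_FIRST, POOL_LAST = ip("192.168.69.17"), ip("192.168.69.22")  # ip nat pool city
OUTSIDE_GLOBAL = ip("192.168.5.11")  # ip nat outside source static <global> <local>
OUTSIDE_LOCAL = ip("192.168.69.2")   # the address inside hosts actually target

def parse(line):
    """Parse a constructed one-line summary: 'src > dst type id seq'."""
    src, _, dst, kind, ident, seq = line.split()
    return ip(src), ip(dst), (kind, int(ident), int(seq))

def correlate(inside_lines, outside_lines):
    """Classify each inside packet sent to OUTSIDE_LOCAL by what the outside capture shows."""
    outside = {}
    for line in outside_lines:
        src, dst, key = parse(line)
        outside[key] = (src, dst)
    verdicts = []
    for line in inside_lines:
        src, dst, key = parse(line)
        if dst != OUTSIDE_LOCAL:
            continue  # not traffic for the static outside translation
        if key not in outside:
            verdicts.append((key[2], "not seen outside"))
            continue
        o_src, o_dst = outside[key]
        if o_dst != OUTSIDE_GLOBAL:
            verdicts.append((key[2], "destination not translated"))
        elif not POOL_FIRST <= o_src <= POOL_LAST:
            verdicts.append((key[2], "source not translated"))
        else:
            verdicts.append((key[2], "translated"))
    return verdicts

# Constructed sample summaries (not real captures); 10.20.14.50 is a made-up inside host.
INSIDE = ["10.20.14.50 > 192.168.69.2 echo-request 7 1",
          "10.20.14.50 > 192.168.69.2 echo-request 7 2",
          "10.20.14.50 > 192.168.69.2 echo-request 7 3"]
OUTSIDE = ["192.168.69.17 > 192.168.5.11 echo-request 7 1",
           "10.20.14.50 > 192.168.5.11 echo-request 7 2"]

if __name__ == "__main__":
    for seq, verdict in correlate(INSIDE, OUTSIDE):
        print(f"seq {seq}: {verdict}")
```

A packet that shows up inside but is "not seen outside" points at the router itself or its routing; one that leaves untranslated points at the NAT rules or the access list.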