
New Member

IOS 2 way NAT issue

Have an issue trying to get IOS to NAT both src and dst addresses.

It looks like traffic is being NAT'ed OK going from outside to in, and I can see a response packet coming into the inside interface on the NAT router, but it gets lost and never makes it back through the outside interface.

When I ping from 1.1.1.2 to 172.109.31.1 there is no reply, but NAT seems to be working - only 1 way though

debug ip nat

*Mar  1 00:31:50.231: NAT*: o: icmp (1.1.1.2, 11) -> (172.109.31.1, 11) [55]   
*Mar  1 00:31:50.235: NAT*: o: icmp (1.1.1.2, 11) -> (172.109.31.1, 11) [55]
*Mar  1 00:31:50.235: NAT*: s=1.1.1.2->192.168.241.128, d=172.109.31.1 [55]
*Mar  1 00:31:50.239: NAT*: s=192.168.241.128, d=172.109.31.1->172.26.0.1 [55]

I feel I am missing something obvious

All assistance appreciated

test topology:

test rtr-------------outside---NATrtr----inside---------test target 172.26.0.1

cfg extract shown

interface FastEthernet0/0
ip address 192.168.241.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/0
ip address 1.1.1.1 255.255.255.0
ip nat outside
ip virtual-reassembly
clock rate 2000000
!
!
ip route 172.26.0.0 255.255.0.0 192.168.241.2
!
!ip nat inside source static 172.26.0.1 172.109.31.1
ip nat outside source static 1.1.1.2 192.168.241.128
!

1 ACCEPTED SOLUTION

Cisco Employee

Re: IOS 2 way NAT issue

Hi,

I think for NVI, the regular NAT rule won't work. Because in NVI there is no concept of inside and outside network, you need to remove the inside/outside from your NAT rule.

I think your problem is there is no route for the return traffic. Try adding a static route for 192.168.241.128, pointing to s0/0, and see if that helps.

Regards,

Lei Tian

3 REPLIES
Cisco Employee

Re: IOS 2 way NAT issue

Hello,

Please try using "NAT Virtual Router" feature and see if that helps.

interface FastEthernet0/0
ip address 192.168.241.1 255.255.255.0
no ip nat inside
ip nat enable
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/0
ip address 1.1.1.1 255.255.255.0
no ip nat outside
ip nat enable
ip virtual-reassembly
clock rate 2000000

Once you configure "ip nat enable" under both interfaces, remove and reapply the NAT rules.

Hope this helps.

Regards,

NT

New Member

Re: IOS 2 way NAT issue

Folks,

many thanks for the replies... tried both.

The NVI did not help, but putting a static host route into the config achieved the desired result.

Interestingly, there is also an option to do this on the outside source static command ... add-route

I stumbled over this by accident when trying out the suggestions.

cheers
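
Added example (not part of the thread and not Cisco code): a small Python model of why the reply in this thread was lost and why the host route fixed it. It assumes the documented order of operations for legacy IOS NAT, where a packet arriving on the inside interface is routed before it is translated; addresses and routes are taken from the posted config, and the function and variable names are hypothetical.

```python
import ipaddress

# Constructed model of the thread's NAT router (addresses from the posted config).
CONNECTED = [("192.168.241.0/24", "Fa0/0"), ("1.1.1.0/24", "Se0/0")]
STATIC = [("172.26.0.0/16", "Fa0/0")]   # ip route 172.26.0.0 255.255.0.0 192.168.241.2
NAT_IFACE = {"Fa0/0": "inside", "Se0/0": "outside"}
OUTSIDE_LOCAL_TO_GLOBAL = {"192.168.241.128": "1.1.1.2"}  # ip nat outside source static
INSIDE_LOCAL_TO_GLOBAL = {"172.26.0.1": "172.109.31.1"}   # ip nat inside source static

def lookup(routes, dst):
    """Longest-prefix match; returns the egress interface or None."""
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if ipaddress.ip_address(dst) in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, iface)
    return best[1] if best else None

def forward_reply(src, dst, extra_routes=()):
    """Reply arriving on the inside interface: routed first, translated second."""
    egress = lookup(CONNECTED + STATIC + list(extra_routes), dst)
    if NAT_IFACE.get(egress) != "outside":
        # The packet never crosses inside -> outside, so it is not translated.
        return {"egress": egress, "translated": False, "src": src, "dst": dst}
    return {"egress": egress, "translated": True,
            "src": INSIDE_LOCAL_TO_GLOBAL.get(src, src),
            "dst": OUTSIDE_LOCAL_TO_GLOBAL.get(dst, dst)}

# The static host route suggested in the thread, pointing at the outside interface.
HOST_ROUTE = [("192.168.241.128/32", "Se0/0")]

if __name__ == "__main__":
    # The target replies to the translated source address seen in the debug output.
    print("before:", forward_reply("172.26.0.1", "192.168.241.128"))
    print("after: ", forward_reply("172.26.0.1", "192.168.241.128", HOST_ROUTE))
```

Without the host route, 192.168.241.128 matches the connected inside subnet, so the reply is sent back out Fa0/0 untranslated; the /32 wins the longest-prefix match and steers it through Se0/0, where the translation applies.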
