Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Issue with NAT

Hello Everyone

I have the following issue regarding NAT. I have a client with a Cisco 1700 router. On this router there's a NAT pool - 120/24. That's 100 WAN addresses being NAT'ed. The FE has an address of The rest of the pc's and devices have ip's of

The problem I am having is that the LAN at this specific site works fine when the users connect with their pc's to the mainframe in another city, many miles away. But when they request a printjob from the mainframe, they do not get the printjob. The mainframe ip is The printer LAN ip is which gets nat'ed to when WAN devices need to communicate.

I also have to mention that this client's router is connected to a bigger router routerforcustomers, which has many other customer routers connecting to it.

I have enquired from the mainframe engineers and they say the print queue for the above printer show a lot of jobs pending, so the printer gets the requests. I then proceeded to ask the one mainframe engineer to trace from the mainframe to the printer ip to see what happens. The trace indicates that it times out on the routerforcustomers router. Yet when I ask the routerforcustomers router where it is routing the ip it shows there is a static route for it down S0/2.10 which is the serial for this specific customer. So why can the router not pass things on to the customer router in order to get the printer to print the jobs? There are no access lists on any of the 2 routers mentioned to block things?

Please help.

Thank You



Re: Issue with NAT

Since you mentioned ACLs blocking, does the head router specifically allow that port through that's needed for the print job? Same with the 1700?

New Member

Re: Issue with NAT


I have the following ACL on the main router.

Extended IP access list 150

permit udp any eq domain any gt 1023

permit tcp host eq telnet any

permit ip host any

permit icmp host any

Where is the mainframe ip.

Applying this ACL to the interface on the main router for this customer, am I correct by saying that it must be applied as in on the main router's serial?

And on the customer's router, can I just have a normal acl on the router to allow traffic from the mainframe?