Cisco Support Community
New Member

NAT issues

Hi all,

I have an annoying problem with NAT.

So the thing is: I have a public IP range (69.168.66.128/25) assigned to some clients in the building. Then I have a private network (172.16.0.0), and in this network I have a web server. This server is supposed to be accessible from the web, so I wrote a static NAT rule

ip nat inside source static tcp 172.16.10.13 80 69.168.66.207 80

This is working fine until I have clients from the 'inside' public range of 69.168.66.128/25 - they can ping this (69.168.66.207) IP address, but they can't connect to port 80 (web server). I have no problems with 'Internet clients' - NAT is working fine for them, the only problem is this range.

When I tried

show ip nat translations

I'm getting good translations from the Internet, and no translations from the inside public range.

It is possible that it is not a NAT issue, because I'm using NAT-on-a-stick (I have only one interface on the router and a couple of VLANs - legacy configs...). So this process is set up on just one physical interface with a bunch of subinterfaces.

Maybe I should try doing NAT through the Loopback or through the NVI? I really can't see what the difference is...

Thanks.

4 REPLIES

NAT issues

Hi T.Yermolenko

How about a telnet to port 80 for 69.168.66.207? Does that go through?

Can you apply an extended ACL, do a match for the server and port 80, log it, and see if we have matching packets?

Personally I don't think NAT-on-a-stick will cause any issues if we have the right routing and NAT configs in place.

Regards

Varma

New Member

Re: NAT issues

Hi Varma,

The thing is - I can use the web server normally if I'm "in the Internet". But I can't use it from any address in the 69.168.66.128/25 network - though I can ping the server's external IP (in this case 69.168.66.207) and get a reply from it. But I can't connect to port 80. And when I check the NAT translations, there aren't any in the table. Again, if I'm using any other source except 69.168.66.128/25, it's working perfectly.

Taras

Re: NAT issues

Hi Taras

What about a normal telnet to port 23 from the 69.168.66.128/25 subnet to 69.168.66.207? I think the NAT translations are not seen because the interface on which the packet sourced from 69.168.66.128/25 arrives is not a NATted interface...

If we enable ip nat outside on the 69.168.66.128/25 subnet, we should be seeing the translations.

Meanwhile I am thinking about what could be allowing the ping response to the private IP but restricting TCP 80 connections.

Regards

Varma

Silver

NAT issues

If I got it right, I think NVI should fix it, because when you did NAT you assigned your Internet interface the NAT outside, and the sub-interface connected to the private IP range the NAT inside, so the sub-interface connected to the public IP range does not apply to the NAT rule you configured.

---

Posted by WebUser Ahmed Rasmy
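
The two approaches discussed in the replies, written out as IOS configuration. This is an added example, not configuration posted by anyone in the thread: the subinterface names, VLAN IDs and descriptions are hypothetical, and only the static rule and the addresses come from the original post.

```cisco
! --- Classic (domain-based) NAT, as the replies describe the current setup ---
! Subinterface names and VLAN IDs below are hypothetical.
interface FastEthernet0/0.10
 description Internet uplink
 encapsulation dot1Q 10
 ip nat outside
!
interface FastEthernet0/0.20
 description private 172.16.0.0 network (web server 172.16.10.13)
 encapsulation dot1Q 20
 ip nat inside
!
interface FastEthernet0/0.30
 description clients in 69.168.66.128/25
 encapsulation dot1Q 30
 ! No "ip nat" statement here: packets arriving on this subinterface are
 ! in neither NAT domain, so the static rule below is not applied to them.
!
ip nat inside source static tcp 172.16.10.13 80 69.168.66.207 80
!
! --- NVI alternative suggested in the last reply ---
! NVI has no inside/outside domains; every participating interface gets
! "ip nat enable" and the rule is written without the "inside" keyword.
no ip nat inside source static tcp 172.16.10.13 80 69.168.66.207 80
!
interface FastEthernet0/0.10
 no ip nat outside
 ip nat enable
!
interface FastEthernet0/0.20
 no ip nat inside
 ip nat enable
!
interface FastEthernet0/0.30
 ip nat enable
!
ip nat source static tcp 172.16.10.13 80 69.168.66.207 80
!
! Verification: NVI entries are listed by a separate show command.
! show ip nat nvi translations
```

With NVI, a connection from a 69.168.66.128/25 client to 69.168.66.207 port 80 should then appear in `show ip nat nvi translations` rather than in `show ip nat translations`.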
