Cisco Support Community
New Member

When applying a NAT rule, it stops our internet traffic and doesn't work

Hi all, In our HQ we have a WAN 2800 router, its LAN Eth0 address is 192.100.100.1 which is the gateway to all remote offices. Also at HQ we have a firewall connected to the internet, its LAN Eth0 address is 192.100.100.254. All users on the HQ LAN have their gateway pointing to the WAN 2800 192.100.100.1. I need to allow all users on the LAN and WAN to use an internet service on TCP port 5631. I need to forward TCP port 5631 from the WAN 2800 router 192.100.100.1 to redirect to the firewall 192.100.100.254. When I applied a NAT rule on the 2800 it completely stops internet traffic. All help will be appreciated.

Kind Regards,

Rob

3 REPLIES
Hall of Fame Super Gold

Re: When applying a NAT rule, it stops our internet traffic and

Hello,

Due to your topology, the 2800 cannot have any role in this design.

Now, if the connection is initiated from the inside to outside, toward port 5631, all the PCs should be able to use it and your firewall will do PAT as necessary. If it does not, please check its configuration.

If the connection is initiated from outside to inside, configure a port forward on the firewall. You will be able to specify one single "inside" address for each TCP port forwarded.

Hope this helps, please rate post if it does!

New Member

Re: When applying a NAT rule, it stops our internet traffic and

Hi, thanks for the reply.

Our requirement is as stated in your first statement. It is from inside to outside, the PCs point to the WAN 28xx router, then we need to redirect their request to the firewall. The firewall PAT is working fine, as if we change the PCs' gateway to the firewall it works fine. Can you please provide an example config line required on the 28xx router? Thanks in advance.

Rob

Hall of Fame Super Gold

Re: When applying a NAT rule, it stops our internet traffic and

Hi,

The 2811 should not change anything in the packet from inside to outside and vice versa. It is strange that if you set the default GW as the FW address it works, but if set to the router, it does not.

The router should just have route 0.0.0.0 0.0.0.0 . Optionally you can set "no icmp redirect" so the router would never tell the PCs to use the FW as gateway.

The only thing is that perhaps, for some security reason, the FW wants to see the packets sourced from a PC on the local LAN come in with the same source MAC address it has in its ARP table, something that would not happen when the router is placed on the same subnet and is used as GW by the PCs.
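
The MAC mismatch suggested in the last reply, as an added example that is not part of the original thread: a small Python model of the frames the firewall receives when the PCs use the firewall or the router as their gateway. The PC address, the destination 203.0.113.10, all MAC addresses and the strict source-MAC check on the firewall are assumptions made for illustration.

```python
# Router and firewall addresses are from the thread. The PC address, the
# destination and every MAC address are constructed for this example.
HOSTS = {
    "pc":     {"ip": "192.100.100.50",  "mac": "00:00:5e:00:53:50"},
    "router": {"ip": "192.100.100.1",   "mac": "00:00:5e:00:53:01"},
    "fw":     {"ip": "192.100.100.254", "mac": "00:00:5e:00:53:fe"},
}
NODE_BY_IP = {h["ip"]: name for name, h in HOSTS.items()}
ARP = {h["ip"]: h["mac"] for h in HOSTS.values()}  # IP-to-MAC view shared by the LAN


def frames_to_firewall(pc_gateway, dst_ip):
    """List the Ethernet frames sent on the LAN until an off-subnet packet
    from the PC reaches the firewall. The router's default route points at
    the firewall and it forwards without NAT, so the source IP never changes."""
    gateways = {"pc": pc_gateway, "router": HOSTS["fw"]["ip"]}
    node, frames = "pc", []
    while node != "fw":
        hop_ip = gateways[node]
        frames.append({
            "src_mac": HOSTS[node]["mac"],   # rewritten at every hop
            "dst_mac": ARP[hop_ip],
            "src_ip": HOSTS["pc"]["ip"],     # unchanged end to end
            "dst_ip": dst_ip,
        })
        node = NODE_BY_IP[hop_ip]
    return frames


def firewall_accepts(frame):
    """Assumed strict check: a local-subnet source IP must arrive from the
    MAC address the firewall holds for it in its ARP table."""
    return ARP.get(frame["src_ip"]) == frame["src_mac"]


def verdict(pc_gateway, dst_ip="203.0.113.10"):
    """Return (number of LAN frames, firewall decision) for a PC gateway."""
    frames = frames_to_firewall(pc_gateway, dst_ip)
    return len(frames), firewall_accepts(frames[-1])


if __name__ == "__main__":
    for gw in ("192.100.100.254", "192.100.100.1"):
        print(f"PC gateway {gw}: {verdict(gw)}")
```

With the router as gateway, the frame that reaches the firewall carries the PC's source IP but the router's source MAC, which is the condition a firewall doing IP-to-MAC consistency checks would reject.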
