RE: NAT problem

From: Pickell, Aaryn (Aaryn.Pickell@xxxxxxxxxxxxx)
Date: Wed Apr 04 2001 - 21:44:21 GMT-3

• Next message: Greg Ferro: "Fwd: Re: Gigabit ethernet distance limitation (off topic )"
• Previous message: Patrick Duroseau: "NAT problem"
• Maybe in reply to: Patrick Duroseau: "NAT problem"
• Next in thread: Rodgers Moore: "Re: NAT problem"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
What do you see when you run a debug ip nat detail?

Is it translating on the way out, or failing there?

At a guess, I would turn off fast switching on the outside interface, but
the debug will give more information.

Aaryn Pickell - CCNP, CCDP, MCSE
Senior Engineer - Routing Protocols
Getronics Inc.
Direct: 713-394-1609
Email:aaryn.pickell@getronics.com

> -----Original Message-----
> From: Patrick Duroseau [mailto:pduroseau@marnictech.com]
> Sent: Wednesday, April 04, 2001 7:06 PM
> To: Ccielab@Groupstudy.Com (E-mail)
> Subject: NAT problem
>
>
> Has anyone seen a problem with static nat. Below is sample of
> a config where
> I have 2 internal ethernet interfaces and one external serial
> interface. The
> intent is to NAT everyone internal going out external to the serial
> interface IP address (in this case the unnumbered address),
> except for one
> static address.
>
> When I implement this config all the overloaded translations
> work fine, the
> problem is with the static. I see when a connection is
> initiated from the
> outside it gets translated and sent to the proper host. The
> sniffer shows
> that the host responds, acknowledging the SYN packet, but it
> appears that
> packet never leaves the router towards the initiating host,
> as a result the
> connection gets dropped.
>
> Any suggestions???
>
> BTW, router is a 2621 w/ 12.0(7)
>
> interface s0/0
> ip address unnumbered e0
> ip nat outside
>
> interface e0
> ip address 172.16.10.1 255.255.255.0
> ip nat inside
>
> interface e1
> ip address 172.16.5.10 255.255.255.0
> ip nat inside
>
> ip nat inside source list 116 interface serial0 overload
>
> ip nat inside source static 172.16.5.5 1.1.1.1
> !1.1.1.1 is a valid address routed from the Internet to my
> serial interface
>
> ip route 0.0.0.0 0.0.0.0 interf s0/0
>
> access-list 116 deny ip host 172.16.5.5 any
> access-list 116 permit ip any any
>
> ---------------------------------
> PD

• Next message: Greg Ferro: "Fwd: Re: Gigabit ethernet distance limitation (off topic )"
• Previous message: Patrick Duroseau: "NAT problem"
• Maybe in reply to: Patrick Duroseau: "NAT problem"
• Next in thread: Rodgers Moore: "Re: NAT problem"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:29:40 GMT-3