ASA Static NAT and ACL

From: Kim teu (kim.teu@gmail.com)
Date: Wed Apr 09 2008 - 09:28:11 ART


Hello Expert,
I am doing a static NAT so that outside (Internet) users can access my
private IP address 10.26.26.11. Below is the config. When I performed the
packet trace, the packet is dropped by an ACL. Can you help me resolve it?

Thanks.

nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) interface 10.26.26.11 netmask 255.255.255.255

access-list home_network standard permit 10.26.26.0 255.255.255.0
access-list outside_in extended permit udp any any eq 4673
access-list outside_in extended permit tcp any any eq 4663
access-list outside_in extended permit tcp any any eq 34795
access-list outside_in extended permit udp any any eq 34795

access-group outside_in in interface outside

# packet-tracer input outside tcp 172.20.34.145 34795 176.82.101.25 3$

Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list

Phase: 2
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow

Phase: 3
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
static (inside,outside) interface 10.26.26.11 netmask 255.255.255.255
nat-control
  match ip inside host 10.26.26.11 outside any
    static translation to 76.182.201.25
    translate_hits = 15, untranslate_hits = 111
Additional Information:
NAT divert to egress interface inside
Untranslate 176.82.101.25/0 to 10.26.26.11/0 using netmask 255.255.255.255

Phase: 4
Type: ACCESS-LIST
Subtype: no-forward-rule
Result: DROP
Config:
Additional Information:

Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule

colbydrive#

-- 
May All Behappy!!!
CCIE 19369
www.kimteu.com
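
Added example (not part of the original post): a small Python parser for `packet-tracer` output that returns the first phase with `Result: DROP`, its Type and Subtype, and whatever the trace lists under `Config:` for that phase. The sample input is abridged from phases 3 and 4 of the trace above; the function names are hypothetical.

```python
import re

# Constructed sample: phases 3 and 4 and the summary, abridged from the trace above.
SAMPLE = """\
Phase: 3
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
static (inside,outside) interface 10.26.26.11 netmask 255.255.255.255
Additional Information:

Phase: 4
Type: ACCESS-LIST
Subtype: no-forward-rule
Result: DROP
Config:
Additional Information:

Result:
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
"""

def _field(key, block):
    """Value of the first 'key: value' line in block, or '' if absent/empty."""
    m = re.search(rf"(?m)^{re.escape(key)}:[ \t]*(.*)$", block)
    return m.group(1).strip() if m else ""

def parse_phases(text):
    """Return one dict per 'Phase: N' block of packet-tracer output."""
    phases = []
    for block in re.split(r"(?m)^(?=Phase: \d+)", text):
        num = re.match(r"Phase: (\d+)", block)
        if not num:
            continue
        block = re.split(r"(?m)^Result:[ \t]*$", block)[0]  # cut trailing summary
        cfg = re.search(r"(?ms)^Config:[ \t]*\n(.*?)^Additional Information:", block)
        phases.append({"phase": int(num.group(1)), "type": _field("Type", block),
                       "subtype": _field("Subtype", block), "result": _field("Result", block),
                       "config": cfg.group(1).strip() if cfg else ""})
    return phases

def first_drop(text):
    """First phase whose Result is DROP, plus the summary Drop-reason."""
    for p in parse_phases(text):
        if p["result"] == "DROP":
            return dict(p, reason=_field("Drop-reason", text))
    return None
```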

