Re: Strange NAT problem from Christopher Copley on 2011-03-15 (Ccielab archives 03/2011)

From: Christopher Copley <copley.chris_at_gmail.com>
Date: Tue, 15 Mar 2011 22:37:53 -0400

Gavin,

You appear to be correct, it is a order of operations issue. My programming
was correct, but putting in the the Port forwarding in first did the trick.
Thanks,
Chris

On Tue, Mar 15, 2011 at 6:50 PM, Gavin Schokman <g_schokman_at_yahoo.com.au>wrote:

>
> Hi Chris,
>
> Your config looks right.
> If my memory serves correctly, I think it's an ordering problem, i.e. most
> specific statement has to be entered first.
>
> Try flipping them around, i.e.
> ip nat inside source static tcp 192.168.100.105 23 155.1.1.5 555 extendable
> ip nat inside source list 10 interface FastEthernet0/0 overload
>
> I'm not near my machine at the moment to test it though.
>
> Cheers,
> Gavin
>
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> Christopher Copley
> Sent: 15 March 2011 14:47
> To: Cisco certification
> Subject: Strange NAT problem
>
> All,
>
> I need a second set of eyes b/c I think I am going crazy here. I am trying
> to do a simple NAT problem in my lab and I can not figure it out.
>
> 1. I need to have all my inside hosts get PAT to the outside interface IP
> address 2. I need port forwarding from the outside from F0/0 IP address
> tcp
> port
> 555 to the inside host 192.168.100.105 on port 23
>
> I logically set up my config like this....
>
> =================================
> interface FastEthernet0/0
> ip address 155.1.1.5 255.255.255.0
> ip nat outside
> ip virtual-reassembly
> !
> interface FastEthernet0/1
> ip address 192.168.100.1 255.255.255.0
> ip nat inside
> ip virtual-reassembly
>
>
>
> ip nat inside source list 10 interface FastEthernet0/0 overload ip nat
> inside source static tcp 192.168.100.105 23 155.1.1.5 555 extendable
>
> access-list 10 permit 192.168.100.0 0.0.0.255
> =================================
>
>
> In my mind this should work, as I think I have got it to work like this in
> the past, but it is not. I have a test PC in my lab and I can not see the
> connection. Can someone tell me what I might be doing wrong?
>
> Chris
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Tue Mar 15 2011 - 22:37:53 ART

This archive was generated by hypermail 2.2.0 : Fri Apr 01 2011 - 06:35:41 ART