Velocity Reviews - Computer Hardware Reviews

Cisco NAT by port - challenging question

 
 
nick.milako
11-24-2009
Hey all,

My goal is to forward all traffic from an inside LAN that requests port 21 to an external (internet) IP address.

I've been told to look into policy based routing and NAT, and after about 20 hours of researching and testing, I've learned so much.

Anyway, I'm trying to test the following simple configuration and I CANNOT get NAT to work for the life of me. Any ideas why not?

Topology:
hxxp://imgur.com/eooK3.jpg

Configuration:
Router#show ip nat statistics
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Outside interfaces:
FastEthernet1/0, FastEthernet2/0
Inside interfaces:
FastEthernet0/0
Hits: 28 Misses: 5
Expired translations: 5
Dynamic mappings:
-- Inside Destination
access-list 111 pool hello refcount 0
pool hello: netmask 255.255.255.0
start 5.5.5.0 end 5.5.5.50
type rotary, total addresses 51, allocated 0 (0%), misses 0

Summary: C0 is 192.168.2.2, F0/0
C1 is 192.168.3.2, F1/0
C2 is 192.168.4.2, F2/0


Access List
Router#show access-lists
Extended IP access list 111
permit tcp any any


At this point, I initiate a TCP connection from C0 to C1. The NAT should kick in on interface F0/0 (C0's inside interface), and translate the destination IP from C1 (192.168.3.2) to 5.5.5.0 (from the pool, invalid address but I just want to see it translated). However, NAT does NOTHING. Even though the access list was MATCHED. Here's the outcome of NAT debug:

Router#
03:20:29: NAT: i: tcp (192.168.2.2, 1081) -> (192.168.3.2, 80) [3471]
03:20:29: NAT: o: tcp (192.168.3.2, 80) -> (192.168.2.2, 1081) [383]
03:20:29: NAT: o: tcp (192.168.3.2, 80) -> (192.168.2.2, 1081) [385]
03:20:29: NAT: i: tcp (192.168.2.2, 1081) -> (192.168.3.2, 80) [3476]

And when I check access list again, I see that the match was indeed made:
Router#show access-lists
Extended IP access list 111
permit tcp any any (2 matches)


Why isn't NAT kicking in even while the access-list is being matched? I'm so stumped, been stuck here for hours.

Any help would really be appreciated, thanks so much!

-Nick
 