Cisco 831 NAT/PAT Problem

Discussion in 'Cisco' started by Jens Bretschneider, Jan 27, 2008.

  1. Hi,

    I've got a problem dealing with Cisco-NAT.

    I've a device which is reachable on the IP 169.254.1.1, with no route set.
    For some reasons I can't change this setting nor set a route.

    I've tried to set up a Cisco 831 with source- and destination-NAT, so the SA
    gets translated to the 169.254.1.1xx pool and the DA to 169.254.1.1.

    The WAN Net of the Cisco is 212.202.254.225/28.

    The Cisco is konfigured as follows:

    interface Ethernet0
    description "LAN"
    ip address 169.254.1.254 255.255.0.0
    ip nat inside
    !
    interface Ethernet1
    description "WAN"
    ip address 212.202.254.226 255.255.255.240
    ip nat outside
    !
    ip route 0.0.0.0 0.0.0.0 212.202.254.225
    !
    ip nat pool apipa-pool 169.254.1.100 169.254.1.199 netmask 255.255.0.0
    ip nat inside source static 169.254.1.1 212.202.254.227
    ip nat outside source list 1 pool apipa-pool
    !
    access-list 1 permit 195.90.0.0 0.0.255.255
    access-list 1 remark "The Network where the clients reside"

    When I now start telnet on my Host 195.90.0.241, it just hangs:

    xxx@host:~> telnet 212.202.254.227
    Trying 212.202.254.227...

    On the 169.254.1.1 target device, the debugging looks like the following
    lines:

    01/23/2008-15:04:02:IP-FILTER: I:pROTO 6 (TCP) pkt from 169.254.1.100/1993
    01/23/2008-15:04:02:IP-FILTER: to 169.254.1.1/23 accepted, SYN Flag
    01/23/2008-15:04:02:IP-FILTER: O:pROTO 6 (TCP) pkt from 169.254.1.1/23
    01/23/2008-15:04:02:IP-FILTER: to 169.254.1.100/1993 accepted, SYN/ACK
    Fls

    So the packets are sent correct and get answered.

    Debugging on the Cisco 831 looks like this:

    fritz#debug ip nat detailed
    IP NAT detailed debugging is on
    fritz#debug ip packet detail
    IP packet debugging is on (detailed)

    *Mar 1 11:21:32.019: NAT*: o: tcp (195.90.0.241, 1993) -> (212.202.254.227,
    23) [4363]
    *Mar 1 11:21:32.019: NAT*: o: tcp (195.90.0.241, 1993) -> (212.202.254.227,
    23) [4363]
    *Mar 1 11:21:32.019: NAT*: s=195.90.0.241->169.254.1.100, d=212.202.254.227
    [4363] <===== OK!
    *Mar 1 11:21:32.019: NAT*: s=169.254.1.100, d=212.202.254.227->169.254.1.1
    [4363] <===== OK!
    *Mar 1 11:21:32.019: NAT: installing alias for address 169.254.1.100

    *Mar 1 11:21:32.027: IP: tableid=0, s=169.254.1.1 (Ethernet0),
    d=169.254.1.100 (Ethernet0), routed via RIB
    *Mar 1 11:21:32.031: IP: s=169.254.1.1 (Ethernet0), d=169.254.1.100
    (Ethernet0), len 44, rcvd 3
    *Mar 1 11:21:32.031: TCP src=23, dst=1993, seq=1298156341,
    ack=1465516680, win=4096 ACK SYN
    *Mar 1 11:21:32.031: IP: tableid=0, s=169.254.1.100 (local), d=169.254.1.1
    (Ethernet0), routed via FIB
    *Mar 1 11:21:32.035: IP: s=169.254.1.100 (local), d=169.254.1.1
    (Ethernet0), len 40, sending
    *Mar 1 11:21:32.035: TCP src=1993, dst=23, seq=1465516680, ack=0, win=0
    RST

    NAT Table:

    fritz#show ip nat translations
    Pro Inside global Inside local Outside local Outside global
    --- --- --- 169.254.1.100 195.90.0.241
    --- 212.202.254.227 169.254.1.1 --- ---

    I don't know what's wrong. It looks like the answers are not noticed at all
    on the Cisco router, and don't get routed or NATted. Why not?

    Any help is greatly appreciated.

    Regards,
    Jens
    Jens Bretschneider, Jan 27, 2008
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jimmyzshack
    Replies:
    1
    Views:
    522
    Claude LeFort
    Nov 19, 2003
  2. Steve Richter

    cisco 831 PAT problems

    Steve Richter, May 8, 2005, in forum: Cisco
    Replies:
    0
    Views:
    444
    Steve Richter
    May 8, 2005
  3. BinSur
    Replies:
    4
    Views:
    5,801
    BinSur
    Jan 13, 2006
  4. spec
    Replies:
    2
    Views:
    1,443
    Walter Roberson
    May 25, 2006
  5. Steven Carr
    Replies:
    7
    Views:
    753
Loading...

Share This Page