Is It Possible to Ping Static NAT Address?

Discussion in 'Cisco' started by mike, Aug 23, 2006.

  1. mike

    mike Guest

    I made a post yesterday, but probably made it way to confusing.

    I guess my question is: is it possible to ping a device that has been
    assigned a static NAT address?

    For instance, I have a server 10.10.10.1

    On my router I have:

    ip nat inside source static 10.10.10.1 205.175.14.11

    On my access list, I have permit icmp any host 205.175.14.11 echo-reply

    But when I try to ping 205.175.14.11, I get "destination net unreachable"
    from the router for the network on which the server resides.

    Thank you
    mike, Aug 23, 2006
    #1
    1. Advertising

  2. In article <>,
    mike <> wrote:

    >I guess my question is: is it possible to ping a device that has been
    >assigned a static NAT address?


    >For instance, I have a server 10.10.10.1


    >On my router I have:


    >ip nat inside source static 10.10.10.1 205.175.14.11


    >On my access list, I have permit icmp any host 205.175.14.11 echo-reply


    Which access list is that?

    >But when I try to ping 205.175.14.11, I get "destination net unreachable"
    >from the router for the network on which the server resides.


    ip nat inside is not used unless the traffic makes its way to
    an interface where ip nat outside has been configured. When your
    traffic crosses between "inside" and "outside" that's automatic
    but when you are trying to have the ping loop around, the traffic is
    coming from the inside and destined to the inside so there is no
    crossing.

    I have not configured IOS nat myself so I don't know which tricks are
    available. If the above is something you -need- to do then you
    plausibly might have to configure a loopback interface in the mix.

    But -needing- to do this is uncommon: usually it is better to
    set up DNS so that you get handed different IPs depending on which
    side is doing the asking. Some people have said that they need to
    do this "for monitoring purposes", but I'm not certain what the point
    is considering all the different ways that looping back through a local
    router differs from accessing through a remote host
    Walter Roberson, Aug 23, 2006
    #2
    1. Advertising

  3. mike

    James Guest

    If the access-list is bound to the outside interface then try changing
    your access list to icmp echo and not echo-reply:-

    permit icmp any host 205.175.14.11 echo

    James


    Walter Roberson wrote:
    > In article <>,
    > mike <> wrote:
    >
    > >I guess my question is: is it possible to ping a device that has been
    > >assigned a static NAT address?

    >
    > >For instance, I have a server 10.10.10.1

    >
    > >On my router I have:

    >
    > >ip nat inside source static 10.10.10.1 205.175.14.11

    >
    > >On my access list, I have permit icmp any host 205.175.14.11 echo-reply

    >
    > Which access list is that?
    >
    > >But when I try to ping 205.175.14.11, I get "destination net unreachable"
    > >from the router for the network on which the server resides.

    >
    > ip nat inside is not used unless the traffic makes its way to
    > an interface where ip nat outside has been configured. When your
    > traffic crosses between "inside" and "outside" that's automatic
    > but when you are trying to have the ping loop around, the traffic is
    > coming from the inside and destined to the inside so there is no
    > crossing.
    >
    > I have not configured IOS nat myself so I don't know which tricks are
    > available. If the above is something you -need- to do then you
    > plausibly might have to configure a loopback interface in the mix.
    >
    > But -needing- to do this is uncommon: usually it is better to
    > set up DNS so that you get handed different IPs depending on which
    > side is doing the asking. Some people have said that they need to
    > do this "for monitoring purposes", but I'm not certain what the point
    > is considering all the different ways that looping back through a local
    > router differs from accessing through a remote host
    James, Aug 24, 2006
    #3
  4. mike

    The Dude Guest

    "mike" <> wrote in message
    news:...
    >I made a post yesterday, but probably made it way to confusing.
    >
    > I guess my question is: is it possible to ping a device that has been
    > assigned a static NAT address?
    >
    > For instance, I have a server 10.10.10.1
    >
    > On my router I have:
    >
    > ip nat inside source static 10.10.10.1 205.175.14.11


    So, you want to reach the server via 205.175.14.11. Now, when you configure
    a static IP, shouldn't you add the subnet mask of the server?

    The Dude
    The Dude, Aug 26, 2006
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Anonymous Poster
    Replies:
    0
    Views:
    10,503
    Anonymous Poster
    Apr 26, 2004
  2. Andrew Albert
    Replies:
    1
    Views:
    3,823
    Rod Dorman
    Feb 8, 2005
  3. rnorred
    Replies:
    4
    Views:
    2,889
    Walter Roberson
    Apr 18, 2005
  4. Ronald de Leeuw
    Replies:
    2
    Views:
    14,118
  5. Replies:
    1
    Views:
    441
    Brian V
    Sep 22, 2007
Loading...

Share This Page