?
Solved

Static NAT Cisco 1605r

Posted on 2003-03-21
2
Medium Priority
?
440 Views
Last Modified: 2010-03-19
Hello,

I am trying to statically NAT 4 IP's thru a Cisco 1605

Below is my configuration, passwords and IP's changed to protect the
innocent.

Now when I bring this online I am able to get out to the internet from
all machines except 192.168.1.3 (1.1.1.2).  I am also able to ping all
machines from the outside EXCEPT 1.1.1.2.   I also have a problem
going from an internal machine to a NAT'd external IP... ie
http://1.1.1.3 will produce a page cannot be displayed error, from an
internal machine. I seem to recall some kind of loop problem.  I have verified
the internal machines configuration, gateway, ip etc...  Any
help would be greatly appreciated.  If you need clarification please
ask.

Thanks
Ben

!
version 12.0
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Cisco1605
!
enable password 7 123456
!
ip subnet-zero
no ip domain-lookup
!
!
!
interface Ethernet0
description connected to Cisco1548
ip address 192.168.1.1 255.255.255.0
no ip directed-broadcast
ip nat inside
!
interface Ethernet1
description connected to Internet
ip address 1.1.1.6 255.255.255.248
no ip directed-broadcast
ip nat outside
!
interface Serial0
no ip address
no ip directed-broadcast
no ip mroute-cache
shutdown
!
router rip
version 2
passive-interface Ethernet1
network 192.168.1.0
no auto-summary
!
ip nat inside source list 1 interface Ethernet1 overload
ip nat inside source static 192.168.1.3 1.1.1.2
ip nat inside source static 192.168.1.4 1.1.1.3
ip nat inside source static 192.168.1.2 1.1.1.4
ip nat inside source static 192.168.1.5 1.1.1.5
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet1
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
line con 0
exec-timeout 0 0
password 7 123456
login
transport input none
line vty 0 4
password 7 123456
login
!
end
0
Comment
Question by:usbenny
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 225 total points
ID: 8184605
> I also have a problem
> going from an internal machine to a NAT'd external IP... ie
http://1.1.1.3 will produce a page cannot be displayed error,

Working as designed.

Change your access-list 1 to prevent these static systems from using the nat pool/interface:

access-list 1 deny 192.168.1.2
access-list 1 deny 192.168.1.3
access-list 1 deny 192.168.1.4
access-list 1 deny 192.168.1.5
access-list 1 permit 192.168.1.0 0.0.0.255

be sure to clear the xlates:
router#clear ip nat trans *

0
 

Author Comment

by:usbenny
ID: 8190601
Thank-you for the answer.  I added the entries and it made no difference for whatever reason.  However I got around this problem by changing my DNS to internal IP's since Cisco translates the IP's in DNS requests for statically NAT'd IP's.

I also solved the first problem.  Turns out that a Cisco ubr900 router in front of the 1605R had cached the MAC of a previous host.  After rebooting the ubr900 everything was hunky-dory! ;)

0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question