Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Static NAT Cisco 1605r

Posted on 2003-03-21
2
Medium Priority
?
448 Views
Last Modified: 2010-03-19
Hello,

I am trying to statically NAT 4 IP's thru a Cisco 1605

Below is my configuration, passwords and IP's changed to protect the
innocent.

Now when I bring this online I am able to get out to the internet from
all machines except 192.168.1.3 (1.1.1.2).  I am also able to ping all
machines from the outside EXCEPT 1.1.1.2.   I also have a problem
going from an internal machine to a NAT'd external IP... ie
http://1.1.1.3 will produce a page cannot be displayed error, from an
internal machine. I seem to recall some kind of loop problem.  I have verified
the internal machines configuration, gateway, ip etc...  Any
help would be greatly appreciated.  If you need clarification please
ask.

Thanks
Ben

!
version 12.0
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Cisco1605
!
enable password 7 123456
!
ip subnet-zero
no ip domain-lookup
!
!
!
interface Ethernet0
description connected to Cisco1548
ip address 192.168.1.1 255.255.255.0
no ip directed-broadcast
ip nat inside
!
interface Ethernet1
description connected to Internet
ip address 1.1.1.6 255.255.255.248
no ip directed-broadcast
ip nat outside
!
interface Serial0
no ip address
no ip directed-broadcast
no ip mroute-cache
shutdown
!
router rip
version 2
passive-interface Ethernet1
network 192.168.1.0
no auto-summary
!
ip nat inside source list 1 interface Ethernet1 overload
ip nat inside source static 192.168.1.3 1.1.1.2
ip nat inside source static 192.168.1.4 1.1.1.3
ip nat inside source static 192.168.1.2 1.1.1.4
ip nat inside source static 192.168.1.5 1.1.1.5
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet1
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
line con 0
exec-timeout 0 0
password 7 123456
login
transport input none
line vty 0 4
password 7 123456
login
!
end
0
Comment
Question by:usbenny
2 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 225 total points
ID: 8184605
> I also have a problem
> going from an internal machine to a NAT'd external IP... ie
http://1.1.1.3 will produce a page cannot be displayed error,

Working as designed.

Change your access-list 1 to prevent these static systems from using the nat pool/interface:

access-list 1 deny 192.168.1.2
access-list 1 deny 192.168.1.3
access-list 1 deny 192.168.1.4
access-list 1 deny 192.168.1.5
access-list 1 permit 192.168.1.0 0.0.0.255

be sure to clear the xlates:
router#clear ip nat trans *

0
 

Author Comment

by:usbenny
ID: 8190601
Thank-you for the answer.  I added the entries and it made no difference for whatever reason.  However I got around this problem by changing my DNS to internal IP's since Cisco translates the IP's in DNS requests for statically NAT'd IP's.

I also solved the first problem.  Turns out that a Cisco ubr900 router in front of the 1605R had cached the MAC of a previous host.  After rebooting the ubr900 everything was hunky-dory! ;)

0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question