"IP NAT OUTSIDE" not working. Can't figure out why.

I have a Cisco 1721 router where I need to translate the destination address for a client connection. The configuration I am using is below:

interface fasthethernet 1
ip address 172.16.195.49 255.255.255.0
ip nat inside

interface serial 0
ip address 10.10.10.4 255.255.255.0
ip nat outside

ip route 10.100.134.201 255.255.255.0 10.10.10.3
ip route 172.16.191.0 255.255.255.0 172.16.195.1

ip nat outside source static 10.100.134.201 192.168.134.201
ip nat outside source static 10.100.134.202 192.168.134.202
ip nat outside source static 10.100.134.203 192.168.134.203
ip nat outside source static 10.100.134.204 192.168.134.204
ip nat outside source static 10.100.134.205 192.168.134.205
ip nat outside source static 10.100.134.206 192.168.134.206
ip nat outside source static 10.100.134.199 192.168.134.199

I have users sourcing from 172.16.191.x that needed to reach 10.100.134.x but were routing 10.100.134.x through another client connection so we were asked if we can NAT there 10.100.134.x addresses to something else the users can route to. I picked the 192.168.134.x range since it's not in use.
The users are sourcing from the inside interface to 192.168.134.199 but can not establish a connection. I have "ip accounting" configured on both interfaces and see no traffic. I also ran "debug ip nat" and had the user try sourcing from 172.16.191.x to 192.168.134.199 and nothing comes up in the debug.

I verified routing, the user can ping the 172.16.195.48 interface and I see traffic passing through the firewall right before it hits the router but I see no translation on the router.

What am I missing???

Thanks for any help.

jjbbiirrdd_73Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

MrJemsonCommented:
Why the heck are you trying to nat a private address in the first place?
0
jjbbiirrdd_73Author Commented:
Well, I thought I explained that above, but we have another existing client that is using the 10.10.134.0/24 address space and this new client is also currently using this address space. I know it's not ideal and I inherited this network and in the process of re-architecting it. Regardless, why would'nt this work?
0
JFrederick29Commented:
The Firewall has a route to the 192.168.134.0/24 addresses via the router (172.16.195.49), right?  Also, add a route to the router for the NAT addresses (unless your default is via the Serial):

ip route 192.168.34.0/24 255.255.255.0 10.10.10.3  <--needs to be routed out NAT outside interface
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

JFrederick29Commented:
Sorry, typo, should be:

ip route 192.168.134.0/24 255.255.255.0 10.10.10.3  <--needs to be routed out NAT outside interface
                           ^
0
jjbbiirrdd_73Author Commented:
That is probably it. I think I had the order of operation backwards when I was troubleshooting this. To fix this we basically reversed the inside and outside interfaces and did a static inside nat instead. But before we did the fix I did not have a default route set up or a route for 192.168.134.0/24  pointing to the serial interface. Can't believe I missed something as simple as that. Thanks for your help JFrederick29, it is most appreciated.
0
jjbbiirrdd_73Author Commented:
Thanks for he quick and accurate response.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.