  • Status: Solved
  • Priority: Medium
  • Security: Public

"IP NAT OUTSIDE" not working. Can't figure out why.

I have a Cisco 1721 router where I need to translate the destination address for a client connection. The configuration I am using is below:

interface fastethernet 1
ip address 172.16.195.49 255.255.255.0
ip nat inside

interface serial 0
ip address 10.10.10.4 255.255.255.0
ip nat outside

ip route 10.100.134.201 255.255.255.0 10.10.10.3
ip route 172.16.191.0 255.255.255.0 172.16.195.1

ip nat outside source static 10.100.134.201 192.168.134.201
ip nat outside source static 10.100.134.202 192.168.134.202
ip nat outside source static 10.100.134.203 192.168.134.203
ip nat outside source static 10.100.134.204 192.168.134.204
ip nat outside source static 10.100.134.205 192.168.134.205
ip nat outside source static 10.100.134.206 192.168.134.206
ip nat outside source static 10.100.134.199 192.168.134.199

I have users sourcing from 172.16.191.x that needed to reach 10.100.134.x but were routing 10.100.134.x through another client connection, so we were asked if we can NAT their 10.100.134.x addresses to something else the users can route to. I picked the 192.168.134.x range since it's not in use.
The users are sourcing from the inside interface to 192.168.134.199 but cannot establish a connection. I have "ip accounting" configured on both interfaces and see no traffic. I also ran "debug ip nat" and had the user try sourcing from 172.16.191.x to 192.168.134.199 and nothing comes up in the debug.

I verified routing, the user can ping the 172.16.195.48 interface and I see traffic passing through the firewall right before it hits the router but I see no translation on the router.

What am I missing???

Thanks for any help.

Asked: jjbbiirrdd_73
 
MrJemson Commented:
Why the heck are you trying to nat a private address in the first place?

jjbbiirrdd_73 (Author) Commented:
Well, I thought I explained that above, but we have another existing client that is using the 10.10.134.0/24 address space and this new client is also currently using this address space. I know it's not ideal and I inherited this network and am in the process of re-architecting it. Regardless, why wouldn't this work?

JFrederick29 Commented:
The Firewall has a route to the 192.168.134.0/24 addresses via the router (172.16.195.49), right?  Also, add a route to the router for the NAT addresses (unless your default is via the Serial):

ip route 192.168.34.0 255.255.255.0 10.10.10.3  <--needs to be routed out NAT outside interface

JFrederick29 Commented:
Sorry, typo, should be:

ip route 192.168.134.0 255.255.255.0 10.10.10.3  <--needs to be routed out NAT outside interface
                 ^

jjbbiirrdd_73 (Author) Commented:
That is probably it. I think I had the order of operation backwards when I was troubleshooting this. To fix this we basically reversed the inside and outside interfaces and did a static inside nat instead. But before we did the fix I did not have a default route set up or a route for 192.168.134.0/24  pointing to the serial interface. Can't believe I missed something as simple as that. Thanks for your help JFrederick29, it is most appreciated.

jjbbiirrdd_73 (Author) Commented:
Thanks for the quick and accurate response.
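Added example, not posted by anyone in the thread: a small Python model of the order of operations behind the accepted answer. For inside-to-outside traffic the router does the route lookup on the destination (192.168.134.199) before NAT runs, so without a route for 192.168.134.0/24 the packet is dropped and "debug ip nat" stays silent. The function names and interface labels are assumptions made for the model, and the posted "ip route 10.100.134.201 255.255.255.0" is modelled as its /24 network.

```python
import ipaddress

# Two of the static mappings from the question: outside global -> outside local.
OUTSIDE_STATIC = {"10.100.134.199": "192.168.134.199",
                  "10.100.134.201": "192.168.134.201"}
LOCAL_TO_GLOBAL = {loc: glob for glob, loc in OUTSIDE_STATIC.items()}

def net(prefix):
    return ipaddress.ip_network(prefix)

def lookup(routes, dst):
    """Longest-prefix match; returns (next_hop, interface) or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(n, hop) for n, hop in routes.items() if addr in n]
    if not hits:
        return None
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def forward_inside_to_outside(routes, nat_outside_ifs, dst):
    """Inside->outside order: route lookup first, NAT second."""
    hop = lookup(routes, dst)
    if hop is None:
        # Unroutable: the packet never reaches NAT, so nothing is translated.
        return ("drop: no route", dst)
    _next_hop, iface = hop
    if iface not in nat_outside_ifs:
        return ("forwarded untranslated via " + iface, dst)
    # Egress is a NAT outside interface: rewrite outside local -> outside global.
    return ("translated, sent via " + iface, LOCAL_TO_GLOBAL.get(dst, dst))

# Routing table as posted: connected networks plus the two static routes.
AS_POSTED = {
    net("172.16.195.0/24"): ("connected", "FastEthernet1"),
    net("10.10.10.0/24"): ("connected", "Serial0"),
    net("10.100.134.0/24"): ("10.10.10.3", "Serial0"),
    net("172.16.191.0/24"): ("172.16.195.1", "FastEthernet1"),
}
# Same table plus the route suggested in the accepted answer.
WITH_FIX = dict(AS_POSTED)
WITH_FIX[net("192.168.134.0/24")] = ("10.10.10.3", "Serial0")

if __name__ == "__main__":
    for name, table in (("as posted", AS_POSTED), ("with route", WITH_FIX)):
        print(name, forward_inside_to_outside(table, {"Serial0"}, "192.168.134.199"))
```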
