Nat overload works but additional ip nat inside source static entries do not

Posted on 2011-03-19
Last Modified: 2012-05-11
The Problem:

I am transitioning from a Cisco-871 to Cisco-1841. For the most part I copied and pasted the code. The NATing worked as shown below on the 871. However, on the 1841, as soon as I input the inside static nat entries the servers can no longer reach the public network (Internet), but they are still reachable internally. I have also tried pinging the pub IP from a remote location for those servers that I have entered the inside static routes for, and I receive no replies. I have searched the web for a while now and I am at a loss. I am thinking I may be running up against a bug in the IOS I am running: c1841-adventerprisek9-mz.124-15.T7.bin

The Desired end result:
I have 5 servers behind this router that I need one to one nat entries for.
 
no aaa new-model
clock timezone PST -8
clock summer-time PST recurring
dot11 syslog
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.8.1 10.10.8.127
!
ip dhcp pool Office
   import all
   network 10.10.8.0 255.255.255.0
   default-router 10.10.8.1
   dns-server 10.10.8.8
!
!
no ip bootp server
ip domain name 
ip inspect name CBAC tcp
ip inspect name CBAC udp
!
multilink bundle-name authenticated
!
!
!
!
username 
archive
 log config
  hidekeys
!
!
!
!
ip ssh time-out 60
ip ssh version 2
!
class-map match-any sip
 match ip dscp cs3
 match access-group 100
 match protocol sip
class-map match-any rtp
 match ip dscp ef
 match protocol rtp audio
!
!
policy-map queue
 class rtp
  priority percent 40
 class sip
  bandwidth percent 9
 class class-default
  fair-queue
policy-map shape
 class class-default
  shape average 5000000
  service-policy queue
!
!
!
!
interface FastEthernet0/0
 description WAN INT
 ip address 98.x.x.148 255.255.255.240
 ip access-group Firewall in
 no ip redirects
 no ip unreachables
 ip mtu 1492
 ip nat outside
 ip inspect CBAC out
 ip virtual-reassembly
 load-interval 30
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet0/1
 ip address 10.10.8.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 speed 100
 full-duplex
!
interface Serial0/0/0
 no ip address
 shutdown
 no fair-queue
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 98.x.x.145
!
!
no ip http server
no ip http secure-server
ip nat inside source route-map mapnatavoid interface FastEthernet0/0 overload
ip nat inside source static 10.10.8.9 98.x.x.149 extendable
ip nat inside source static 10.10.8.5 98.x.x.150 extendable
ip nat inside source static 10.10.8.7 98.x.x.151 extendable
ip nat inside source static 10.10.8.6 98.x.x.152 extendable
ip nat inside source static 10.10.8.12 98.x.x.153 extendable
!
ip access-list extended Firewall
 permit udp any host 98.x.x.150 eq 5060
 permit udp any host 98.x.x.150 range 10000 20000
 permit tcp any host 98.x.x.150 eq 5222
 permit tcp any host 98.x.x.150 eq 843
 permit tcp any host 98.x.x.150 eq 443
 permit tcp any host 98.x.x.150 eq 5269
 permit tcp any host 98.x.x.150 eq www
 permit tcp any host 98.x.x.153 eq 5721
 permit tcp any host 98.x.x.153 eq 443
 permit tcp any host 98.x.x.152 eq www
 permit tcp any host 98.x.x.152 eq 443
 permit tcp any host 98.x.x.151 eq www
 permit tcp any host 98.x.x.151 eq 443
 permit tcp any host 98.x.x.151 eq 4158
 permit tcp any host 98.x.x.151 eq 6051
 permit tcp any host 98.x.x.151 eq 6054
 permit tcp any host 98.x.x.151 eq 6151
 permit tcp any host 98.x.x.149 eq 22
 permit tcp any host 98.x.x.149 eq ftp
 permit tcp any host 98.x.x.149 eq ftp-data
 permit tcp any host 98.x.x.149 gt 1023
 permit icmp any host 98.x.x.152 echo
 permit icmp any host 98.x.x.152 echo-reply
 permit icmp any host 98.x.x.150 echo
 permit icmp any host 98.x.x.150 echo-reply
 permit icmp any host 98.x.x.148 echo
 permit icmp any host 98.x.x.148 echo-reply
 permit icmp any host 98.x.x.153 echo
 permit icmp any host 98.x.x.153 echo-reply
 permit icmp any host 98.x.x.151 echo
 permit icmp any host 98.x.x.151 echo-reply
 deny   tcp any range 0 65535 any range 0 65535
 deny   udp any range 0 65535 any range 0 65535
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 deny   ip 127.0.0.0 0.255.255.255 any
 deny   ip host 255.255.255.255 any
 deny   ip host 0.0.0.0 any
 deny   ip any any log
ip access-list extended vpnnatavoid
 permit ip 10.10.8.0 0.0.0.255 any
!
access-list 100 permit udp any any eq 5060
snmp-server community 
!
!
!
!
route-map mapnatavoid permit 1
 match ip address vpnnatavoid
!
!
!
!
control-plane

Question by:sdteknet
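
An added example, not part of the original post: a Python check that cross-references the static NAT entries in the posted configuration against the inbound Firewall ACL on the outside interface, listing translated public addresses that the ACL never permits an ICMP echo to. The function names are this example's own, and the embedded configuration is a trimmed excerpt of the one above.

```python
import re
from collections import defaultdict
# Trimmed excerpt of the configuration posted above (addresses redacted as on the page).
CONFIG = """\
ip nat inside source static 10.10.8.9 98.x.x.149 extendable
ip nat inside source static 10.10.8.5 98.x.x.150 extendable
ip nat inside source static 10.10.8.7 98.x.x.151 extendable
ip nat inside source static 10.10.8.6 98.x.x.152 extendable
ip nat inside source static 10.10.8.12 98.x.x.153 extendable
ip access-list extended Firewall
 permit tcp any host 98.x.x.150 eq 443
 permit tcp any host 98.x.x.152 eq www
 permit tcp any host 98.x.x.149 eq 22
 permit icmp any host 98.x.x.152 echo
 permit icmp any host 98.x.x.150 echo
 permit icmp any host 98.x.x.148 echo
 permit icmp any host 98.x.x.153 echo
 permit icmp any host 98.x.x.151 echo
 deny   ip any any log
"""

NAT_RE = re.compile(r"^ip nat inside source static (\S+) (\S+)")
ACL_RE = re.compile(r"^\s+permit (\S+) any host (\S+)\s*(.*)$")

def static_nat(config):
    """Map each public (inside global) address to its inside local address."""
    return {m.group(2): m.group(1)
            for line in config.splitlines() if (m := NAT_RE.match(line))}

def acl_permits(config, acl_name):
    """Collect 'permit <proto> any host <ip> <match>' entries of one named ACL."""
    permits, in_acl = defaultdict(list), False
    for line in config.splitlines():
        if not line.startswith(" "):      # a top-level line starts or ends an ACL block
            in_acl = line.strip() == f"ip access-list extended {acl_name}"
        elif in_acl and (m := ACL_RE.match(line)):
            permits[m.group(2)].append((m.group(1), m.group(3).strip()))
    return permits

def ping_blocked(config, acl_name="Firewall"):
    """Static NAT addresses that the inbound ACL never permits ICMP echo to."""
    permits = acl_permits(config, acl_name)
    return sorted(pub for pub in static_nat(config)
                  if ("icmp", "echo") not in permits[pub])

if __name__ == "__main__":
    for pub in ping_blocked(CONFIG):
        print(f"{pub} -> {static_nat(CONFIG)[pub]}: no 'permit icmp ... echo' in ACL")
```

Under the posted ACL, 98.x.x.149 is the one translated address with no ICMP echo permit, so a remote ping to it is dropped by the access list whether or not the translation is working. For that host, a TCP check against one of its permitted ports is the meaningful reachability test.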

Accepted Solution

by:
sdteknet earned 0 total points
ID: 35171170
#1 It helps to get sleep.

#2 It helps to power cycle the cable modem.

Author Closing Comment

by:sdteknet
ID: 35171174
The Cisco syntax was correct, but I never power cycled my cable modem after I swapped routers.  Power cycling the modem resolved the issue.