[c-nsp] Intermittent Port Forwarding Problems with New-Style NAT
Gary T. Giesen
giesen at snickers.org
Wed May 7 12:49:39 EDT 2014
I have a router (2821, running 15.1(4)M8) with the following config:

interface Dialer1
 description Internet PPPoE
 mtu 1492
 ip address negotiated
 ip nat enable
 encapsulation ppp
 ip tcp adjust-mss 1452
 load-interval 30
 dialer pool 1
 keepalive 5
 ppp pap sent-username user.name password pass123
end

interface GigabitEthernet0/0
 description DSL Modem
 no ip address
 duplex auto
 speed auto
end

interface GigabitEthernet0/1
 description LAN Switch
 ip address 192.168.1.1 255.255.255.0
 ip nat enable
end

ip access-list extended NAT_HOSTS
 10 permit ip 192.168.1.0 0.0.0.255 any

ip nat source list NAT_HOSTS interface Dialer1 overload
ip nat source static tcp 192.168.1.3 3389 interface Dialer1 3389

What I'm randomly encountering is the port forward will stop working,
and I have to remove and re-add the line:

ip nat source static tcp 192.168.1.3 3389 interface Dialer1 3389

It's difficult to reproduce as it appears on random intervals, and I
need to restore service so I don't have a lot of time to troubleshoot.
Has anyone ever encountered this before? I'm pretty sure my config is
sane but feel free to point out if it is not. The problem does not
seem to occur if I use the old style nat (ip nat inside/ip nat
outside) but the new-style nat is much preferable for its flexibility.
It also doesn't affect the PAT.
Cheers,
GTG
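
For comparison, the old-style (ip nat inside / ip nat outside) form of the same translations, which the post reports as unaffected, written out as an added example. It is not part of the original message and assumes the same interface names, ACL and addresses as the config above.

```cisco
! Added example: legacy (domain-based) NAT equivalent of the NVI config above.
! Interface names, ACL name and addresses are taken from the post.
!
! Remove the NVI rules and the per-interface "ip nat enable" first.
no ip nat source static tcp 192.168.1.3 3389 interface Dialer1 3389
no ip nat source list NAT_HOSTS interface Dialer1 overload
!
interface Dialer1
 no ip nat enable
 ip nat outside
!
interface GigabitEthernet0/1
 no ip nat enable
 ip nat inside
!
! PAT for the LAN, then the static port forward for TCP/3389.
ip nat inside source list NAT_HOSTS interface Dialer1 overload
ip nat inside source static tcp 192.168.1.3 3389 interface Dialer1 3389
```

Legacy translations are listed by `show ip nat translations`, while NVI translations are listed by `show ip nat nvi translations`.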