Re: static NAT problem

From: Nick (nick@arc.net.my)
Date: Tue Apr 16 2002 - 09:40:38 EDT


as gert said the static NAT configuration looks right and all and should
work. the issue was that OSPF was only announcing a /32 and not the /28
providing no route to the clients router for the NAT translations to kick
in.

the magic was to add 'ip ospf network point-to-point' under the lo0
interface - thankfully pointed out by a legend on this mailing list.

-nick/

----- Original Message -----
From: "kevin graham" <kgraham@dotnetdotcom.org>
To: "Nick" <nick@arc.net.my>
Cc: <cisco-nsp@puck.nether.net>; "Gert Doering" <gert@greenie.muc.de>
Sent: Tuesday, April 16, 2002 8:18 PM
Subject: Re: static NAT problem

>
> On Tue, 16 Apr 2002, Gert Doering wrote:
>
> > > > The internal LAN PCs can access the Internet via a NAT/PAT overload
> > > > statement on the Lo0 interface. However the static NAT translations
> > > > for the mail servers don't seem to be working. We cannot ping or
> > > > establish an
> > > > SMTP session.
> > >
> > > Try to exclude from access-list 10 IP addresses 192.168.100.127 and
> > > 192.168.100.128.
> >
> > Cisco NAT is usually smart enough to not need this.
>
> See Gert's other postings for fixing the issues of it not working at all,
> but other its working from the outside, one problem you'll likely have
> (atleast its been dogging me for some time) is hitting that inside static
> when coming out through an inside global (see thread: "[nsp] ip inside
> global -> ip inside static" back in Jan02). The thing that was needed was
> a /32 for the inside static address that points to nexthop -- this kludges
> things up enough that ios will push the packet from an inside global out
> far enough internally that it will come back in through the proper path.
> Ugly, but it was the only way I've found to get it to work (still need to
> hit bug navigator to see if there's a proper bugid on this).
>
> ..kg..
>
>
>
>
>



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:41 EDT