Re: static NAT problem

From: kevin graham (kgraham@dotnetdotcom.org)
Date: Tue Apr 16 2002 - 08:18:34 EDT


On Tue, 16 Apr 2002, Gert Doering wrote:

> > > The internal LAN PCs can access the Internet via a NAT/PAT overload
> > > statement on the Lo0 interface. However the static NAT translations
> > > for the mail servers don't seem to be working. We cannot ping or
> > > establish an SMTP session.
> >
> > Try to exclude from access-list 10 IP addresses 192.168.100.127 and
> > 192.168.100.128.
>
> Cisco NAT is usually smart enough to not need this.

See Gert's other postings for fixing the issues of it not working at all,
but once it's working from the outside, one problem you'll likely have
(at least it's been dogging me for some time) is hitting that inside static
when coming out through an inside global (see thread: "[nsp] ip inside
global -> ip inside static" back in Jan02). The thing that was needed was
a /32 for the inside static address that points to nexthop -- this kludges
things up enough that IOS will push the packet from an inside global out
far enough internally that it will come back in through the proper path.
Ugly, but it was the only way I've found to get it to work (still need to
hit bug navigator to see if there's a proper bugid on this).

..kg..


