[nsp] NAT Issue
Marcus Keane
mkeane@microsoft.com
Sun, 1 Sep 2002 08:37:07 +1000
Hagop,
I don't know if somebody answered this already. It's difficult to
quickly tell what's wrong without seeing the routing tables and
translation tables, but I have two suggestions. Firstly, enable "ip
subnet-zero" and secondly, change access-list 1 to exclude your web
server from the PAT translation source-list.
HTH,
Marcus.
-----Original Message-----
From: Hagop Karaoghlanian [mailto:hkaraoghlanian@corp.attcanada.ca]
Sent: 29 August 2002 11:10
To: 'cisco-nsp@puck.nether.net'
Subject: [nsp] NAT Issue
Importance: High
Hello all,
Here is the situation;
---------------------
 web server         |
 192.168.0.2/24     |
---------------------
          |
          |         ----------------------------------
          | .1/24   |          Cisco 1605R           | 172.16.158.2/30
          |---------|              NAT               |-----------------
          |         ----------------------------------
          |
---------------------
 client             |
 192.168.0.10/24    |
---------------------
Anyone coming from the outside and telnetting to the router's outside IP
via port 80 is successful in attaining access to it. Web server is up and
running.
Here is the issue:
1) The client puts 172.16.158.2 in its Internet Explorer browser and
gets page cannot be displayed. This is from the workstation on the LAN.
2) From the router if you do an extended traceroute to the target of
192.168.0.2 sourcing from 172.16.158.2 it gets timed out.
3) Here is the config on the router:
!
version 11.2
no service finger
no service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname Router
!
enable password cisco
!
username hagop password 0 hagop
no ip source-route
no ip subnet-zero
ip nat translation timeout 3600
ip nat inside source list 1 interface Ethernet1 overload
ip nat inside source static tcp 192.168.0.2 80 172.16.158.2 80 extendable
!
interface Ethernet0
description LAN (Internal)
ip address 192.168.0.1 255.255.255.0
no ip redirects
no ip directed-broadcast
no ip proxy-arp
ip nat inside
no cdp enable
!
interface Ethernet1
description PtP to access router
ip address 172.16.158.2 255.255.255.252
no ip redirects
no ip directed-broadcast
no ip proxy-arp
ip nat outside
no cdp enable
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.158.1
access-list 1 permit 192.168.0.0 0.0.0.255
!
no cdp run
!
line con 0
line vty 0 4
!
end
Any help would greatly be appreciated.
thanks
Hagop
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
http://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
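The two suggestions from the reply, written out as IOS configuration for the router shown in the thread. This is an added example, not part of either message and not tested against that router; the entry order in the rebuilt ACL and the verification commands at the end are assumptions about how one would apply and check the change.

```cisco
! Added example: applies the two suggestions to the posted config.
configure terminal
!
! Suggestion 1: the posted config has "no ip subnet-zero".
ip subnet-zero
!
! Suggestion 2: exclude the web server from the PAT source list.
! Original:  access-list 1 permit 192.168.0.0 0.0.0.255
! A numbered standard ACL is matched top-down and new entries are
! appended, so the list is removed and rebuilt with the deny first.
no access-list 1
access-list 1 deny   192.168.0.2 0.0.0.0
access-list 1 permit 192.168.0.0 0.0.0.255
!
! Unchanged from the posted config, shown for context:
!   ip nat inside source list 1 interface Ethernet1 overload
!   ip nat inside source static tcp 192.168.0.2 80 172.16.158.2 80 extendable
end
!
! Exec-mode checks (assumed verification steps, not from the thread):
! confirm the ACL order, then flush dynamic entries and inspect the table.
show access-lists 1
clear ip nat translation *
show ip nat translations
```

With the deny entry in place the web server no longer matches the overload rule, so it appears in the translation table only through its static port 80 entry.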