[nsp] IOS nat outside source static

Daryl G. Jurbala daryl at introspect.net
Fri Sep 5 17:50:37 EDT 2003


I've been staring at my config for WAY too long, and can't figure this
one out.  Maybe someone can help.

I had this working a few months ago on a different but similar box, and
can't seem to figure out what I'm missing this time.

What I'm trying to do is translate RFC-1918 space that is reachable over
an IPSec tunnel (on a customer's network) so that it can be accessed
from the host network as different RFC1918 space (some of the space at
the two sites is overlapping, so this seems to be the best solution for
the scalability requirements).

The IPSec tunnel works, and I can get to the remote end, for example,
telnet to 10.10.0.10, which is picked up by the match address and shoved
over the IPSec as one would expect.

Now what is not working:
ip nat outside source static 10.10.0.10 192.168.2.20

I should be able to telnet to 10.10.0.0 from 192.168.2.20 (the "inside"
interface of the router is in the 192.168.2.x subnet).  I can ping
192.168.2.20, so the router is obviously proxy arping, but I can't
telnet to it.  I immediately get a "denied" on the client, and deb ip
nat shows NO NAT ACTIVITY, confirmed by all 0-counters in a sh ip nat
sta.

I'm obviously missing something here.  Anyone have some ideas for me to
troubleshoot this one?

Thanks,
Daryl


