[c-nsp] IP NAT help

christopher.a.kane at jpmchase.com christopher.a.kane at jpmchase.com
Tue Aug 29 14:22:33 EDT 2006 

Do you have a route for that network? NAT is irrelevant if there is no 
route.

sorry for the top post (my mail app sucks)

-chris





"Ivan c" <ivannetw at gmail.com> 
Sent by: cisco-nsp-bounces at puck.nether.net
08/28/2006 11:57 PM

To
cisco-nsp at puck.nether.net
cc

Subject
[c-nsp] IP NAT help






Hi All,

I have an issue with NAT as was looking for some guidance. Thanks up 
front!

I have an external router that does both source and destination NAT of the
addresses.

                                                             fa0/0
fa0/1
Customer RTR<---------------------------------------->My
RTR<------------------------------------->internal host (172.30.13.xx)
Source 203.13.xx.xx                                         NAT source
172.30.10.xx
Dest 203.6.xx.xx
dest     172.30.13.xx

Traffic imitated from 203.13.xx.xx to 203.6.xx.xx gets NATed at my router 
to
an internal source address of 172.30.10.xx and a destination of 
172.30.13.xx
.

So I tried the following

interface Fa0/0
ip nat outside

interface Fa0/1
ip nat inside

ip nat inside soruce static 172.30.13.xx 203.6.xx.xx
ip nat outside source static 203.13.xx.xx 172.30.10.xx

I do a tcpdump on the inside interface (mirror port on switch) and I see 
the
traffic destined for the internal host using the NAT addresses, but when 
the
internal hosts tries to syn back to my router, the router sends back a 
icmp
destination host unreachable?

Thanks
Ivan
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



-----------------------------------------
This transmission may contain information that is privileged,
confidential, legally privileged, and/or exempt from disclosure
under applicable law.  If you are not the intended recipient, you
are hereby notified that any disclosure, copying, distribution, or
use of the information contained herein (including any reliance
thereon) is STRICTLY PROHIBITED.  Although this transmission and
any attachments are believed to be free of any virus or other
defect that might affect any computer system into which it is
received and opened, it is the responsibility of the recipient to
ensure that it is virus free and no responsibility is accepted by
JPMorgan Chase & Co., its subsidiaries and affiliates, as
applicable, for any loss or damage arising in any way from its use.
If you received this transmission in error, please immediately
contact the sender and destroy the material in its entirety,
whether in electronic or hard copy format. Thank you.

More information about the cisco-nsp mailing list