[c-nsp] IP NAT help

Ivan c ivannetw at gmail.com
Tue Aug 29 18:52:05 EDT 2006 

Yes, that is the NATed source address

so a static route is needed for the 172.30.10.xx, even though it is a free
address used by the router for NAT?

On 8/30/06, Collins, Richard (Com US) <rich.collins at siemens.com> wrote:
>
>
> So your internal host sees a packet with a source address of
> 172.30.10.xx
>
> What does the routing table in your internal host show for the network
> 172.30.10.0/ ?  It
> should show that the route takes it back over the outside nat interface
> to the Customer RTR.
>
> -Rich
>
> >Date: Tue, 29 Aug 2006 13:57:51 +1000
> >From: "Ivan c" <ivannetw at gmail.com>
> >Subject: [c-nsp] IP NAT help
> >To: cisco-nsp at puck.nether.net
> >Message-ID:
> >       <75b1b4850608282057o76b89533g83570d15538c26a9 at mail.gmail.com>
> >Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> >
> >Hi All,
> >
> >I have an issue with NAT as was looking for some guidance. Thanks up
> front!
> >
> >I have an external router that does both source and destination NAT of
> the
> >addresses.
> >
> >                                                             fa0/0
> >fa0/1
> >Customer RTR<---------------------------------------->My
> >RTR<------------------------------------->internal host (172.30.13.xx)
> >Source 203.13.xx.xx                                         NAT
> source
> >172.30.10.xx
> >Dest 203.6.xx.xx
> >dest     172.30.13.xx
> >
> >Traffic imitated from 203.13.xx.xx to 203.6.xx.xx gets NATed at my
> router to
> >an internal source address of 172.30.10.xx and a destination of
> 172.30.13.xx
> >.
> >
> >So I tried the following
> >
> >interface Fa0/0
> >ip nat outside
> >
> >interface Fa0/1
> >ip nat inside
> >
> >ip nat inside soruce static 172.30.13.xx 203.6.xx.xx
> >ip nat outside source static 203.13.xx.xx 172.30.10.xx
> >
> >I do a tcpdump on the inside interface (mirror port on switch) and I
> see the
> >traffic destined for the internal host using the NAT addresses, but
> when the
> >internal hosts tries to syn back to my router, the router sends back a
> icmp
> >destination host unreachable?
> >
> >Thanks
> >Ivan
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

More information about the cisco-nsp mailing list