[c-nsp] IP NAT help

Collins, Richard (Com US) rich.collins at siemens.com
Wed Aug 30 08:55:51 EDT 2006 

 
Well there has to be some kind of return route for this source ip
address.  You could try a static
route and see how it reacts.
-Rich
 
>Yes, that is the NATed source address
>
>so a static route is needed for the 172.30.10.xx, even though it is a
free address used by the router for NAT?
>
>
>On 8/30/06, Collins, Richard (Com US) <rich.collins at siemens.com> wrote:
>
>So your internal host sees a packet with a source address of
>172.30.10.xx
>
>What does the routing table in your internal host show for the network
>172.30.10.0/ ?  It
>should show that the route takes it back over the outside nat interface

>to the Customer RTR.
>
>-Rich
>
>>Date: Tue, 29 Aug 2006 13:57:51 +1000
>>From: "Ivan c" <ivannetw at gmail.com>
>>Subject: [c-nsp] IP NAT help 
>>To: cisco-nsp at puck.nether.net
>>Message-ID:
>>       <75b1b4850608282057o76b89533g83570d15538c26a9 at mail.gmail.com >
>>Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>>
>>Hi All,
>>
>>I have an issue with NAT as was looking for some guidance. Thanks up
>front!
>>
>>I have an external router that does both source and destination NAT of

>the
>>addresses.
>>
>>                                                             fa0/0
>>fa0/1
>>Customer RTR<---------------------------------------->My
>>RTR<------------------------------------->internal host (
172.30.13.xx)
>>Source 203.13.xx.xx                                         NAT
>source
>>172.30.10.xx
>>Dest 203.6.xx.xx
>>dest     172.30.13.xx
>>
>>Traffic imitated from 203.13.xx.xx to 203.6.xx.xx gets NATed at my
>router to
>>an internal source address of 172.30.10.xx and a destination of
>172.30.13.xx
>>.
>>
>>So I tried the following
>>
>>interface Fa0/0
>>ip nat outside 
>>
>>interface Fa0/1
>>ip nat inside
>>
>>ip nat inside soruce static 172.30.13.xx 203.6.xx.xx
>>ip nat outside source static 203.13.xx.xx 172.30.10.xx
>>
>>I do a tcpdump on the inside interface (mirror port on switch) and I 
>see the
>>traffic destined for the internal host using the NAT addresses, but
>when the
>>internal hosts tries to syn back to my router, the router sends back a
>icmp
>>destination host unreachable? 
>>
>>Thanks
>>Ivan
>
>

More information about the cisco-nsp mailing list