NAT Problem.

[scrimmy]

I have a server on a remote site that I need to relocate to my main site.
So that I do not have to visit each workstation in turn to change the target
IP address of the server I intend to use NAT on the remote sites Cisco2651 router.

I have added the following into the remote site router

interface FastEthernet0/0
ip nat inside
interface FastEthernet0/1
ip nat outside
exit
ip nat inside source static 172.31.107.107 192.168.123.230

with FastEthernet0/0 being on the link back to main site and
FastEthernet0/1 being on the remote site LAN

when I try to telnet from a remote workstation onto the server with the original IP address
debug IP nat shows
02:19:25: NAT: s=192.168.123.220, d=192.168.123.230->172.31.107.107 [56712]
02:19:28: NAT: s=192.168.123.220, d=192.168.123.230->172.31.107.107 [56715]
02:19:34: NAT: s=192.168.123.220, d=192.168.123.230->172.31.107.107 [56717]

But connection failed message on workstaion

when I ping the original IP address from the worstation I get reply from 192.168.123.230
debug IP nat shows
02:21:54: NAT*: s=192.168.123.220, d=192.168.123.230->172.31.107.107 [56785]
02:21:55: NAT*: s=192.168.123.220, d=192.168.123.230->172.31.107.107 [56789]
02:21:56: NAT*: s=192.168.123.220, d=192.168.123.230->172.31.107.107 [56792]
02:21:57: NAT*: s=192.168.123.220, d=192.168.123.230->172.31.107.107 [56794]

I shall post full configs if necessary, but I hope this is an easy one to correct.


Thanks

 

[pmesjar]

What port(s) are you trying to telnet to test the functionality ot the server? Be sure you have these open on server, or you get connections refused.

Have you tried "debug ip nat detail" commnad?

Just one thought on router performance. Wouldn't it be better to change IP address of the server on workstations than to add additional load on the router? I mean if you already have much load on it.

Peter Mesjar
CCNA, A+ certified
pmesjar@centrum.sk

 

[scrimmy]

Hi Peter

I can telnet to the server from my main site so port 23 is enabled.

debug ip nat details shows
01:40:56: NAT: o: tcp (192.168.123.1, 23106) -> (192.168.123.230, 23) [0]
01:40:56: NAT: o: tcp (192.168.123.1, 23106) -> (172.31.107.107, 23) [52]
01:40:58: NAT: o: tcp (192.168.123.1, 23106) -> (192.168.123.230, 23) [0]
01:40:58: NAT: o: tcp (192.168.123.1, 23106) -> (172.31.107.107, 23) [54]
01:41:02: NAT: o: tcp (192.168.123.1, 23106) -> (192.168.123.230, 23) [0]
01:41:02: NAT: o: tcp (192.168.123.1, 23106) -> (172.31.107.107, 23) [56]

Changing the target IP address on the workstations will eventually be done but there are too many workstations and I only have one pair of hands. So by using NAT I can move the server then go back at a later date and change the workstations. The load on the router is minimal at present.

Cheers

 

[pmesjar]

Unless you can see something in form of "NAT: i: ..." your connections work one way (o - outgoing, to server) but no the other (from the server). Maybe posting the configs of affected devices along with outputs of "show ip route" and "show ip protocol" will be more helpful.

Peter Mesjar
CCNA, A+ certified
pmesjar@centrum.sk