Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Static NAT mapping failing 1

Status
Not open for further replies.
Busgypsy

Busgypsy

IS-IT--Management
Jun 7, 2006
4
US
I'm having trouble getting an external IP to map to a server. There are two routers involved, Router1 with Serial1 on the Internet, FE1 on the local subnet, and linked to Router2 via Serial1.

There is one static mapping from 216.104.66.35 to an internal IP of 192.168.0.141. I've added another one with 216.104.66.36 mapped to 10.1.53.62. The first works and the second one doesn't.

The second internal address of 10.1.53.62 is off of Router2 and is reachable from Router1.

Please help!

Here is config for Router1:

Current configuration : 3614 bytes
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname ROUTER1
!
logging buffered 4096 debugging
enable password blather
!
!
!
!
!
memory-size iomem 25
ip subnet-zero
no ip finger
!
ipx routing 0007.85a2.b652
!
!
!
interface Serial0
description Frame Relay Ckt 70/YGGA/001278 (256K)
no ip address
encapsulation frame-relay
!
interface Serial0.16 point-to-point
description WAN Connection 70/YGGA/38493 to Klamath Falls
ip address 172.1.1.1 255.255.0.0
ipx network 12348
frame-relay interface-dlci 16 IETF
!
interface Serial0.17 point-to-point
description WAN Connection 70/YGGA/38492 to Roseburg
ip address 172.2.1.1 255.255.0.0
frame-relay interface-dlci 17 IETF
!
interface Serial0.18 point-to-point
description WAN Connection 70/YGGA/50948 to Albany
ip address 172.6.1.1 255.255.0.0
ip nat inside
ipx network 12350
frame-relay interface-dlci 18 IETF
!
interface Serial0.19 point-to-point
description WAN Connection 70/YGGA/001279 to Coos Bay
ip address 192.168.254.5 255.255.255.252
frame-relay interface-dlci 19
!
interface Serial0.20 point-to-point
ip address 216.104.66.30 255.255.255.252
ip access-group 101 in
ip nat outside
frame-relay interface-dlci 20 IETF
!
interface Serial1
ip address 172.8.1.1 255.255.0.0
ip nat inside
!
interface FastEthernet0
ip address 192.168.0.111 255.255.255.0
ip nat inside
speed auto
ipx network AC encapsulation SAP
!
router rip
network 172.1.0.0
network 172.2.0.0
network 172.6.0.0
network 172.8.0.0
network 192.168.0.0
no auto-summary
!
ip nat pool net-10 216.104.66.33 216.104.66.34 prefix-length 24
ip nat inside source list 1 pool net-10 overload
ip nat inside source static 10.1.53.62 216.104.66.36
ip nat inside source static 192.168.0.141 216.104.66.35
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0.20
ip route 10.1.53.0 255.255.255.0 Serial1
ip route 172.4.1.0 255.255.255.0 172.1.1.2
ip route 172.5.1.0 255.255.255.0 172.2.1.2
ip route 172.7.1.0 255.255.255.0 172.6.1.2
no ip http server
!
access-list 1 deny 192.168.0.141
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 172.6.0.0 0.0.0.255
access-list 1 permit 172.6.0.0 0.0.255.255
access-list 1 permit 172.7.1.0 0.0.0.255
access-list 13 permit 10.1.53.62
access-list 101 permit tcp host 204.90.130.195 any
access-list 101 permit udp 208.254.250.192 0.0.0.31 any
access-list 101 permit tcp 208.254.250.192 0.0.0.31 any
access-list 101 deny tcp any any eq 5080 log-input
access-list 101 deny 53 any any
access-list 101 deny 55 any any
access-list 101 deny 77 any any
access-list 101 deny pim any any
access-list 101 permit ip any any
access-list 115 deny udp any any eq tftp
access-list 115 deny tcp any any eq 135
access-list 115 deny udp any any eq 135
access-list 115 deny udp any any eq netbios-ns
access-list 115 deny udp any any eq netbios-dgm
access-list 115 deny tcp any any eq 139
access-list 115 deny udp any any eq netbios-ss
access-list 115 deny tcp any any eq 445
access-list 115 deny tcp any any eq 593
access-list 115 deny tcp any any eq 4444
access-list 115 permit ip any any
!
!
!
snmp-server community public RO
snmp-server enable traps snmp
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps frame-relay
snmp-server enable traps syslog
snmp-server enable traps hsrp
snmp-server enable traps config
snmp-server enable traps entity
snmp-server enable traps rtr
!
line con 0
transport input none
line aux 0
line vty 0 4
password blather
login
!
no scheduler allocate
end

AND CONFIG FOR ROUTER 2:


Current configuration : 1163 bytes
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname ROUTER2
!
enable password blather
!
!
!
!
!
memory-size iomem 25
ip subnet-zero
no ip finger
!
!
!
!
interface Serial0
description Frame Relay Ckt to Eugene 70/YGGA/001279
no ip address
encapsulation frame-relay
shutdown
!
interface Serial0.16 point-to-point
description WAN Ckt to Eugene
ip address 192.168.254.6 255.255.255.252
frame-relay interface-dlci 16
!
interface Serial1
ip address 172.8.1.2 255.255.0.0
!
interface FastEthernet0
description Local Lan
ip address 10.1.53.222 255.255.0.0
ip policy route-map eug-out
speed auto
!
router rip
network 10.0.0.0
network 172.8.0.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.53.199
ip route 192.168.0.0 255.255.255.0 172.8.1.1
ip route 192.168.0.0 255.255.255.0 Serial1
no ip http server
!
access-list 10 permit 10.1.53.62
access-list 10 permit 10.1.53.60
route-map eug-out permit 100
match ip address 10
set interface Serial1
set ip next-hop 172.8.1.1
!
!
line con 0
transport input none
line aux 0
line vty 0 4
password blather
login
!
no scheduler allocate
end
 
Sort by date Sort by votes
Hi Busgypsy
Tracing a route via Input
from 216.104.66.36 going to 10.1.53.62
is going via
Router 1
ip route 10.1.53.0 255.255.255.0 Serial1
to the serial1
with ip address 172.8.1.1 255.255.0.0
than
On
Router 2
with
ip address 172.8.1.2 255.255.0.0
than going to the Ethernet
with
ip address 10.1.53.222 255.255.0.0

I think You have problem with default gateway
on Router 2
ip route 0.0.0.0 0.0.0.0 10.1.53.199
is pointing back to the Ethernet

add one line eg only for this External IP
ip route 216.104.66.36 255.255.255.255 172.8.1.1
so back to the serial 1 on router 1
and than to the internet

And see what default GW is on the PC 10.1.53.62
must be: 10.1.53.222 not 10.1.53.199
that seems You have another Default Router to other sites
IP 10.1.53.199

Perhaps that will be working


 
Upvote 0 Downvote
10.1.53.199 is another router. It is connected to DSL to route Internet traffic over the DSL not the routers on the internal network.

I'll add that static mapping and see what I turn up.

Thanks for your help!

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

darktriad
  • Locked
  • Question
Cisco ASA 9.4: Configuring NAT
Replies
0
Views
281
darktriad
darktriad
netguy2000
  • Locked
  • Question
Cisco router 1841 NAT/PAT problem
Replies
0
Views
215
netguy2000
netguy2000
jmkelly
  • Locked
  • Question
Partly-dynamic / partly-static NAT
Replies
2
Views
242
jmkelly
jmkelly
ameyUK
  • Locked
  • Question
Static routes and EIGRP
Replies
1
Views
231
pablo100
pablo100
ngtri
  • Locked
  • Question
Please, need your help to check my configurations. NAT and HSRP
Replies
0
Views
237
ngtri
ngtri

Part and Inventory Search

Sponsor

Back
Top