Cisco NAT

[UNIX72]

We are using 1605 router with 2 ethernet ports. Ethernet0 (ip address 10.10.20.30 255.255.0.0)and Eth1 (192.0.2.4 255.255.255.0) On the 192 net there are 2 boxes with ip addresses 192.0.2.2 and 192.0.2.3 that I want to nat translate to 10.10.5.2 to 10.10.5.3 on the 10 net. How is this done? How do I verify its working? I done nat before numerous times but only the internal clients going out to the internet. I basically want if a request goes to 192.0.2.2 translate to 10.10.5.2. Do i need to place the ip route command for the 192.0.2.0 subnet to reach the 10.10.5.0 subnet for the transalation?
So this is my config:

Ethernet 0:Nat inside
Ethernet 1:Nat outside

ip nat inside source static 10.10.5.2 192.0.2.3

Before i place the ip nat inside command i was able to ping both ip addresses from the router. Now i can ping only the 10.10.5.2. But if i remove the command i can ping both ip's. Any suggestions, thanks

 

[Nutz]

www.cisco.com

Their search is second to none when it comes to this stuff.

 

[FFC]

I just checked this out on a live box we have here. Your config looks OK but you should be able to ping both the inside and outside addresses from the router.

You don't need a static route as part of the translation.

 

[UNIX72]

I can't ping both interfaces only 10.10.5.1 unless I remove the ip nat static entry then i can ping 192.0.2.3. This is the output from debug ip nat when i try to ping 192.0.2.3:

16wld: NAT: s=192.0.2.4, d=192.0.2.3->10.10.5.3 [940].

success rate is 0 percent (0/5)

Anymore suggestions please help, thanks.

 

[FFC]

OK, I have the following:

------------------------------------------------------

interface Ethernet0
description test inside
ip address 10.24.10.4 255.255.252.0
no ip directed-broadcast
ip nat inside
no ip route-cache
no ip mroute-cache
!
interface Ethernet1
description test outside
ip address 172.17.29.254 255.255.255.0
no ip directed-broadcast
ip nat outside
no ip route-cache

ip nat pool test 172.21.0.3 172.21.0.3 netmask 255.255.255.0
ip nat inside source list 1 pool test overload
ip nat inside source static 10.24.10.2 172.21.0.2
ip classless
!
access-list 1 permit 10.24.0.0 0.0.255.255

-----------------------------------------------------------------------------------

And I get the following:

----------------------------------------------------------------------------------

test#ping 10.24.10.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.24.10.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/8 ms
iaxis-csc#ping 172.21.0.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.21.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
test#

---------------------------------------------------------------------------------------

With the kit as follows

--------------------------------------------------------------------------------------

test#sh ver
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-IS-L), Version 12.0(9), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Mon 24-Jan-00 21:46 by bettyl
Image text-base: 0x0303DF2C, data-base: 0x00001000

ROM: System Bootstrap, Version 5.2(5), RELEASE SOFTWARE
BOOTFLASH: 3000 Bootstrap Software (IGS-RXBOOT), Version 10.2(5), RELEASE SOFTWA
RE (fc1)

test uptime is 44 weeks, 4 days, 12 hours, 29 minutes
System restarted by reload
System image file is "flash:c2500-is-l.120-9.bin"

cisco 2500 (68030) processor (revision D) with 4096K/2048K bytes of memory.
Processor board ID 02003572, with hardware revision 00000000
Bridging software.
X.25 software, Version 3.0.0.
2 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read ONLY)

Configuration register is 0x2102

----------------------------------------------------------------------------------------------------------

As you can see the only difference between what I have and your config is the overloaded
nat pool which shouldn't make a difference.

If you do a sh ip route for 192.0.2.3 what does the routing table contain. I have a route to my outside
nat address via the address on the outside interface.

 

[UNIX72]

Thanks FCC for the info, when i do a sh ip route 192.0.2.3 states its directly connected to ethernet 1 so that's fine. Also sh ip route shows both networks. I created a static route 0.0.0.0 0.0.0.0 over our serial interface to reach my remote location, but the serial interface is not involved with nat. If i removed the ip nat inside source static statement i am able to ping 192.0.2.3, please help any suggestions. Thank you

 

[FFC]

You should make the serial interface a nat outside one, otherwise it won't know how to react to packets which come into it destied for nat addresses. You may not have traffic coming in to that interface doing that but try it to see if it helps.