Hi,
I've got a problem dealing with Cisco-NAT.
I've a device which is reachable on the IP 169.254.1.1, with no route set. For some reasons I can't change this setting nor set a route.
I've tried to set up a Cisco 831 with source- and destination-NAT, so the SA gets translated to the 169.254.1.1xx pool and the DA to 169.254.1.1.
The WAN Net of the Cisco is 212.202.254.225/28.
The Cisco is konfigured as follows:
interface Ethernet0 description "LAN" ip address 169.254.1.254 255.255.0.0 ip nat inside ! interface Ethernet1 description "WAN" ip address 212.202.254.226 255.255.255.240 ip nat outside ! ip route 0.0.0.0 0.0.0.0 212.202.254.225 ! ip nat pool apipa-pool 169.254.1.100 169.254.1.199 netmask 255.255.0.0 ip nat inside source static 169.254.1.1 212.202.254.227 ip nat outside source list 1 pool apipa-pool ! access-list 1 permit 195.90.0.0 0.0.255.255 access-list 1 remark "The Network where the clients reside"
When I now start telnet on my Host 195.90.0.241, it just hangs:
xxx@host:~> telnet 212.202.254.227 Trying 212.202.254.227...
On the 169.254.1.1 target device, the debugging looks like the following lines:
01/23/2008-15:04:02:IP-FILTER: I:PROTO 6 (TCP) pkt from 169.254.1.100/1993 01/23/2008-15:04:02:IP-FILTER: to 169.254.1.1/23 accepted, SYN Flag 01/23/2008-15:04:02:IP-FILTER: O:PROTO 6 (TCP) pkt from 169.254.1.1/23 01/23/2008-15:04:02:IP-FILTER: to 169.254.1.100/1993 accepted, SYN/ACK FlsSo the packets are sent correct and get answered.
Debugging on the Cisco 831 looks like this:
fritz#debug ip nat detailed IP NAT detailed debugging is on fritz#debug ip packet detail IP packet debugging is on (detailed)
*Mar 1 11:21:32.019: NAT*: o: tcp (195.90.0.241, 1993) -> (212.202.254.227, 23) [4363] *Mar 1 11:21:32.019: NAT*: o: tcp (195.90.0.241, 1993) -> (212.202.254.227, 23) [4363] *Mar 1 11:21:32.019: NAT*: s=195.90.0.241->169.254.1.100, d=212.202.254.227 [4363] 169.254.1.1 [4363]