Cisco 837, NAT & Netscreen in transparent Mode

Hi all. My apologies if posting to the wrong group. I have a Cisco 837 which I want to use as a backup internet link. What I hope to do is simply change the static route on my 3750 if the primary link goes down. I have a Netscreen 25 configured in transparent mode.

I have it configured as follows

Public IP, Cisco 837 Dialer i/f ---> Ethernet0 ---->

Netscreen25 Transparent ---> VLAN102 on the 3750 @

The VLAN interface of the Netscreen is and the management i/f is

I have configured the 837 router to perform NAT, as I only have 1 public IP. The Ethernet i/f of the 837 is configured with a private IP. I am seeing the Cisco attempt to perform NAT

sh ip nat trans
Pro Inside global Inside local Outside local Outside global
tcp

I have a one off static route on the 3750 for testing and this is the website I am trying to access via this route

ip route

I have a policy on the netscreen that says Source Any to Dest Any permit HTTP. I am seeing on the log of the Netscreen the same thing

Date/Time Source Address/Port Destination Address/Port Duration Service

2008-03-25 15:39:06 59 sec. HTTP

The Cisco config is pretty straightforward, as shown

version 12.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug uptime
service timestamps log uptime
service password-encryption
no service dhcp
!
hostname aff_837
!
logging queue-limit 100
logging buffered 4096 debugging
!
clock timezone AEST 8
ip subnet-zero
no ip source-route
ip domain name
ip name-server
ip name-server
!
no ip bootp server
ip audit notify log
ip audit po max-events 100
vpdn enable
!
no ftp-server write-enable
!
interface Null0
 no ip unreachables
!
interface Ethernet0
 ip address
 ip nat inside
 ip tcp adjust-mss 1452
 hold-queue 100 out
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 8/35
  pppoe-client dial-pool-number 1
 !
 dsl operating-mode auto
!
!
interface Dialer1
 description Amcom VPN
 mtu 1492
 ip address negotiated
 no ip unreachables
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname xxxxxxx
 ppp chap password xxxxxxx
!
ip nat inside source list 23 interface Dialer1 overload
ip classless
ip route Dialer1
no ip http server
no ip http secure-server
!
access-list 5 permit any
access-list 23 permit
access-list 23 permit
access-list 23 permit
dialer-list 1 protocol ip permit
route-map clear-df permit 10
 match ip address 5
 set ip df 0
!

line con 0
 exec-timeout 60 0
 no modem enable
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 exec-timeout 120 0
 login local
 length 0
!
scheduler max-task-time 5000
!
end

Can anyone tell me what I am missing? Is it a policy problem on the netscreen or a config problem on the 837? I can ping the & .7 from the router using an extended ping using the ethernet i/f as the source but cannot ping the VLAN102 i/f of the 3750; once again I believe this is an incoming policy issue. All I have is 4 outgoing policies from the trust to the untrust for FTP, DNS, HTTPS and HTTP.

Cheers, Scott
