Static NAT is not working

I have Cisco router 1721 with two interfaces. One Serial connected to Internet and second FastEthernet connected to local network. I've configured dynamic NAT from inside to outside which is working. But if I try to configure static NAT for one port from outside to inside this NAT is not working. What can be wrong? This is my configuration:

!
interface FastEthernet0
 description LocalNetwork
 ip address x.x.0.100 255.255.0.0
 ip access-group 102 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip route-cache flow
 speed auto
!
!
interface Serial0
 description Internet
 bandwidth 1024
 ip address z.z.z.134 255.255.255.252
 ip access-group 101 in
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 encapsulation frame-relay IETF
 ip route-cache flow
 no ip mroute-cache
 no arp frame-relay
 frame-relay interface-dlci 99
 frame-relay lmi-type ansi
!
!
ip classless
ip route 0.0.0.0 0.0.0.0 z.z.z.133
!
ip nat inside source list 100 interface Serial0 overload
ip nat inside source static tcp x.x.0.1 3389 z.z.z.134 3389 extendable
!
access-list 100 permit ip x.x.0.0 0.0.255.255 any
access-list 101 permit ip any any
access-list 102 permit ip any any

Thanks for your help in advance. I've coped with this for one week with no success.

Lukasz Chomin

Reply to
lukaszc

Hi. It seems to me that it is a correct configuration for a terminal server.

At the moment you don't have other services inside, so set the static NAT without the port.

ip nat inside source static host host extendable

If the problem remains, I think that it's either

an application problem on the terminal server, Windows settings for example: firewall, routes, default gateway, etc. (but in this case the NAT works, with anyone function, but it works)

or a link problem.

The terminal server sets the don't-fragment field; if a router in the path has a small MTU, your link could discard the packets. I advise you: sh ip nat translation, ... see if the entry matches. If yes, debug ip icmp .... and see if any ICMP unreachable packet for don't-fragment set to 1 arrives.

Reply to
albachiarajenny

Yes, it should work but is not working. And I don't know why. My inside global IP address is the same as the IP of the router's Serial interface. If I do it I'll lose the remote connection to my router. The application is working. I can use it from the local network. Even on the router CLI, if I put telnet x.x.0.1 3389 I see that the port is open. My ip nat translation shows that there are entries for NAT:

Pro  Inside global    Inside local   Outside local     Outside global
tcp  z.z.z.134:3389   x.x.0.1:3389   z.z.z.134:60422   z.z.z.134:60422
tcp  z.z.z.134:3389   x.x.0.1:3389   ---               ---

When I look at debug ip nat detailed I can see that packets are going to the destination computer but never come back:

000730: Aug 12 16:55:08.770 CEST: NAT*: o: tcp (62.87.178.195, 29003) -> (z.z.z.134, 3389) [42435]
000731: Aug 12 16:55:08.770 CEST: NAT*: o: tcp (62.87.178.195, 29003) -> (z.z.z.134, 3389) [42435]
000732: Aug 12 16:55:08.770 CEST: NAT*: s=62.87.178.195, d=z.z.z.134->x.x.0.1 [42435]
000733: Aug 12 16:55:11.678 CEST: NAT*: o: tcp (62.87.178.195, 29003) -> (z.z.z.134, 3389) [42437]
000734: Aug 12 16:55:11.682 CEST: NAT*: s=62.87.178.195, d=z.z.z.134->x.x.0.1 [42437]
000735: Aug 12 16:55:17.698 CEST: NAT*: o: tcp (62.87.178.195, 29003) -> (z.z.z.134, 3389) [42439]
000736: Aug 12 16:55:17.698 CEST: NAT*: s=62.87.178.195, d=z.z.z.134->x.x.0.1 [42439]

debug ip icmp shows nothing.

Any other help is very much appreciated.

Best regards
Lukasz Chomin

Reply to
lukaszc

Can you reach the inside host in the inside network?

Just to make sure your service is responding and it is a NAT problem.

-as

Reply to
aservin

Yes I can. Even from router as I've mentioned.

Reply to
lukaszc

Hi,

Can the Terminal Server access the internet ? ie Is the gateway correct on the Terminal server?

Rob

Reply to
RobO

Yes!!! That was the issue. Thank you very much. I set the correct gateway on this server but I didn't check whether it is working.

Reply to
lukaszc
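The symptom that settled this thread, outside-to-inside translations in `debug ip nat detailed` with nothing translated on the way back, can be checked mechanically. The Python sketch below is an added example, not code from any poster; the sample log lines and addresses are constructed, and the return-direction line form (`s=<inside local>-><inside global>, d=<peer>`) is the usual IOS form, which does not appear in the posted output.

```python
import re
from collections import defaultdict

# Translation lines from `debug ip nat detailed`; the arrow marks the rewritten field.
#   outside -> inside: s=<peer>, d=<inside global>-><inside local> [ip id]
#   inside -> outside: s=<inside local>-><inside global>, d=<peer> [ip id]
# [\w.]+ also accepts masked addresses such as z.z.z.134.
INBOUND = re.compile(r"NAT\*?: s=([\w.]+), d=([\w.]+)->([\w.]+) \[(\d+)\]")
RETURN = re.compile(r"NAT\*?: s=([\w.]+)->([\w.]+), d=([\w.]+) \[(\d+)\]")

# Constructed sample: one flow that is never answered, one healthy flow.
SAMPLE_LOG = """\
000732: Aug 12 16:55:08.770 CEST: NAT*: s=198.51.100.7, d=203.0.113.134->10.0.0.1 [42435]
000734: Aug 12 16:55:11.682 CEST: NAT*: s=198.51.100.7, d=203.0.113.134->10.0.0.1 [42437]
000736: Aug 12 16:55:17.698 CEST: NAT*: s=198.51.100.7, d=203.0.113.134->10.0.0.1 [42439]
000740: Aug 12 16:55:20.100 CEST: NAT*: s=198.51.100.9, d=203.0.113.134->10.0.0.2 [101]
000741: Aug 12 16:55:20.104 CEST: NAT*: s=10.0.0.2->203.0.113.134, d=198.51.100.9 [7001]
000742: Aug 12 16:55:20.110 CEST: NAT*: s=198.51.100.9, d=203.0.113.134->10.0.0.2 [102]
"""

def one_way_flows(log_text, min_inbound=2):
    """Return [(peer, inside_local, packets)] for flows translated inbound but
    never translated on the way back out (the inside host's replies do not
    reach this router, e.g. wrong default gateway or a host firewall)."""
    inbound = defaultdict(set)   # (peer, inside_local) -> distinct IP ids seen
    answered = set()             # (peer, inside_local) pairs with return traffic
    for line in log_text.splitlines():
        m = INBOUND.search(line)
        if m:
            peer, _inside_global, local, ip_id = m.groups()
            inbound[(peer, local)].add(ip_id)
            continue
        m = RETURN.search(line)
        if m:
            local, _inside_global, peer, _ip_id = m.groups()
            answered.add((peer, local))
    return sorted(
        (peer, local, len(ids))
        for (peer, local), ids in inbound.items()
        if len(ids) >= min_inbound and (peer, local) not in answered
    )

if __name__ == "__main__":
    for peer, local, count in one_way_flows(SAMPLE_LOG):
        print(f"{peer} -> {local}: {count} inbound packets, no return translation")
```

A flow reported here means the router did its part of the static NAT; the next place to look is the inside host's gateway, routes and firewall.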
