I'm hoping that someone on here will be able to tell me that I'm specifically doing something wrong with my configurations or assist me with seeing the light. Alternately, any assistance in helping me to determine a direction to go with troubleshooting would also be appreciated.
We have several different clients where we have installed Cisco routers utilizing NAT to connect their network to their ISP. In most of the cases we are receiving public IPs in two different subnets from the provider: one IP address configured in a /30 as the router interface IP, and an additional routed IP subnet of public IPs assigned for use on our network. Most of the routers that we have in place are working just fine with the configuration that I have on them; however, in one specific instance we are having a weird issue. The relevant portion of the configuration looks similar to the following.
interface FastEthernet0
 ip address 192.168.3.2 255.255.255.0
 ip nat inside
 no ip redirects
 no ip mask-reply
 no ip proxy-arp
 no shutdown
 exit

interface Ethernet0
 ip address x.x.210.21 255.255.254.0
 ip nat outside
 arp timeout 3600
 no cdp enable
 no ip redirects
 no ip mask-reply
 no ip proxy-arp
 no shutdown
 exit

ip nat pool ISPNATPool x.x.212.50 x.x.212.50 prefix-length 29
ip nat inside source list 1 pool ISPNATPool overload
ip nat inside source static 192.168.3.9 x.x.212.51
ip nat inside source static 192.168.2.14 x.x.212.53
ip nat inside source static tcp 192.168.3.226 x.x.212.49
ip nat inside source static tcp 192.168.3.36 5671 x.x.212.52 5671 extendable
ip nat inside source static udp 192.168.3.36 5672 x.x.212.52 5672 extendable
ip nat inside source static tcp 192.168.3.37 5681 x.x.212.52 5681 extendable
ip nat inside source static udp 192.168.3.37 5682 x.x.212.52 5682 extendable
ip nat inside source static tcp 192.168.3.38 5691 x.x.212.52 5691 extendable
ip nat inside source static udp 192.168.3.38 5692 x.x.212.52 5692 extendable
ip nat inside source static tcp 192.168.3.39 5711 x.x.212.52 5711 extendable
ip nat inside source static udp 192.168.3.39 5712 x.x.212.52 5712 extendable
access-list 1 permit 192.168.3.0 0.0.0.255
The problem that we experience is that we will not be able to connect to the static NAT'd hosts unless they have first established some type of connection outbound. For example, 192.168.3.226 is a Windows 2000 machine running Terminal Services for remote administration. If I attempt to connect to that machine from the internet using Terminal Services right now, my connection will fail. However, if I have someone go to the server from the LAN and simply ping one IP address on the internet so that there is outbound traffic from the machine, then I can connect to it from the internet just fine for some amount of time. Then after no connection is made it's like it times out, and I won't be able to connect again without generating outbound traffic.
The internet connection is established through a WISP, where their wireless radios all do bridging rather than routing, and they have a Linux box in place as a router on their end of the wireless link that supposedly has a route in place to route the x.x.212.48/29 subnet to our main router interface IP of x.x.210.21. I at first suspected some type of ARP timeout on their network. However, I worked with their technician yesterday, and during the period of time where I was able to connect to the machine he was looking through all the ARP tables in their relevant equipment and never found any entries for the x.x.212.39 address that the machine is NAT'd to. Similar things happen on the x.x.212.52 address that is NAT'd to several different machines on specific ports.