Weird NAT/Routing Issue.
- From: "Jonathan Haase" <jonathan@xxxxxxxxxxxxxxxxxx>
- Date: Tue, 02 May 2006 17:05:34 GMT
I'm hoping that someone on here will be able to tell me that I'm
specifically doing something wrong with my configurations or assist me with
seeing the light. Alternately any assistance in helping me to determine a
direction to go with troubleshooting would also be appreciated.
We have several different clients where we have installed Cisco routers
utilizing NAT to connect their network to their ISP. In most of the cases
we are receiving public IP's in two different subnets from the provider. One
IP address configured in a /30 as the router interface IP, and an additional
routed IP subnet of public IP's assigned for use on our network. Most of
the routers that we have in place are working just fine with the
configuration that I have on them, however in one specific instance we are
having a weird issue. The relevant portion of the configuration looks
similar to the following.

interface FastEthernet0
 ip address 192.168.3.2 255.255.255.0
 ip nat inside
 no ip redirects
 no ip mask-reply
 no ip proxy-arp
 no shutdown
 exit

interface Ethernet0
 ip address x.x.210.21 255.255.254.0
 ip nat outside
 arp timeout 3600
 no cdp enable
 no ip redirects
 no ip mask-reply
 no ip proxy-arp
 no shutdown
 exit

ip nat pool ISPNATPool x.x.212.50 x.x.212.50 prefix-length 29
ip nat inside source list 1 pool ISPNATPool overload
ip nat inside source static 192.168.3.9 x.x.212.51
ip nat inside source static 192.168.2.14 x.x.212.53
ip nat inside source static tcp 192.168.3.226 x.x.212.49
ip nat inside source static tcp 192.168.3.36 5671 x.x.212.52 5671 extendable
ip nat inside source static udp 192.168.3.36 5672 x.x.212.52 5672 extendable
ip nat inside source static tcp 192.168.3.37 5681 x.x.212.52 5681 extendable
ip nat inside source static udp 192.168.3.37 5682 x.x.212.52 5682 extendable
ip nat inside source static tcp 192.168.3.38 5691 x.x.212.52 5691 extendable
ip nat inside source static udp 192.168.3.38 5692 x.x.212.52 5692 extendable
ip nat inside source static tcp 192.168.3.39 5711 x.x.212.52 5711 extendable
ip nat inside source static udp 192.168.3.39 5712 x.x.212.52 5712 extendable

access-list 1 permit 192.168.3.0 0.0.0.255

The problem that we experience is that we will not be able to connect to the
static NAT'd hosts unless they have first established some type of
connection outbound. For example 192.168.3.226 is a Windows 2000 machine running
Terminal services for remote administration. If I attempt to connect to that
machine from the internet using terminal services right now my connection
will fail. However if I have someone go to the server from the LAN and
simply ping one IP address on the internet so that there is outbound traffic
from the machine, then I can connect to it from the internet just fine for
some amount of time. Then after no connection is made it's like it times
out and I won't be able to connect again without generating outbound
traffic.
The internet connection is established through a WISP, where their Wireless
Radios all do Bridging rather than routing, and they have a Linux box in
place as a router on their end of the Wireless link that supposedly has a
route in place to route the x.x.212.48/29 subnet to our main router
interface IP of x.x.210.21. I at first suspected some type of ARP timeout
on their network. However I worked with their technician yesterday and
during the period of time where I was able to connect to the machine he was
looking through all the ARP tables in their relevant equipment and never
found any entries for the x.x.212.39 address that the machine is NAT'd to.
Similar things happen on the x.x.212.52 address that is NAT'd to several
different machines on specific ports.
Any clues?
Thanks
Jonathan
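
Added example, not part of the original post: a small Python check that compares static NAT statements of the kind shown above against the inside subnet (192.168.3.0/24) and the routed /29 the post describes. The 203.0.113.x addresses are constructed stand-ins for the redacted x.x octets, and lint_static_nat is a hypothetical helper name.

```python
import ipaddress
import re

# Constructed sample: NAT statements shaped like the post's, with the redacted
# "x.x.212" octets replaced by the documentation prefix 203.0.113.0/24.
SAMPLE_CONFIG = """\
ip nat pool ISPNATPool 203.0.113.50 203.0.113.50 prefix-length 29
ip nat inside source static 192.168.3.9 203.0.113.51
ip nat inside source static 192.168.2.14 203.0.113.53
ip nat inside source static tcp 192.168.3.226 203.0.113.49
ip nat inside source static tcp 192.168.3.36 5671 203.0.113.52 5671 extendable
ip nat inside source static udp 192.168.3.36 5672 203.0.113.52 5672 extendable
"""

STATIC = re.compile(r"^ip nat inside source static\s+(.*)$")


def lint_static_nat(config, inside_net, routed_net):
    """Return (line, problem) pairs for static NAT entries in `config`."""
    inside = ipaddress.ip_network(inside_net)
    routed = ipaddress.ip_network(routed_net)
    findings = []
    for line in config.splitlines():
        m = STATIC.match(line.strip())
        if not m:
            continue  # pools, overload rules and other lines are not checked
        tokens = [t for t in m.group(1).split() if t != "extendable"]
        if tokens and tokens[0] in ("tcp", "udp"):
            # Port form: <proto> <local-ip> <local-port> <global-ip> <global-port>
            if len(tokens) != 5:
                findings.append((line, "port-based entry without both ports"))
                continue
            local, global_ = tokens[1], tokens[3]
        elif len(tokens) == 2:
            local, global_ = tokens  # one-to-one form: <local-ip> <global-ip>
        else:
            findings.append((line, "unrecognised static entry"))
            continue
        if ipaddress.ip_address(local) not in inside:
            findings.append((line, f"inside local {local} not in {inside}"))
        if ipaddress.ip_address(global_) not in routed:
            findings.append((line, f"inside global {global_} not in {routed}"))
    return findings


if __name__ == "__main__":
    for line, problem in lint_static_nat(SAMPLE_CONFIG, "192.168.3.0/24",
                                         "203.0.113.48/29"):
        print(f"{problem}: {line}")
```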