bobdole369
Diamond Member
Hi all - I'm likely missing something silly so don't murder me if that's the case - Have a fairly simple setup on an 1811 - it's actually scaled down a bit now that we've removed 1 of 2 WAN links - and this router is only using 1 WAN port.
Services through the router include a custom data receiver on tcp port 50900. That never seems to stop working.
Have one machine set to overload on a public IP. Another has a combination of static NAT for ftp - and dynamic (another public IP with a diff pool) -
Randomly stops working until I reload. Any thoughts?
Here is config - IPs changed - but it's a /29 block through the phone company - "business DSL with static IP".
Machine in question has local IP 192.168.105.69 - and should have global PUBLIC173 ports 20,21 for ftp statically mapped. Needs to have dynamic NAT as well for outbound DNS, NTP, and http, but that's it.
simon_WAN34#sh conf
Using 6544 out of 196600 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname host1_rtr
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
no logging monitor
enable secret 5 secret1
enable password nomis
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
!
resource policy
!
!
!
ip cef
!
!
no ip domain lookup
ip domain name domain1.com
!
!
!
username user1 privilege 15 secret 5 xxxxxxxxxxxxx
!
!
!
!
!
!
interface FastEthernet0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1
description WAN4
bandwidth 512
bandwidth receive 6000
ip address PUBLICIP3 255.255.255.248
ip broadcast-address BROADCAST1
no ip proxy-arp
ip nbar protocol-discovery
ip nat outside
ip virtual-reassembly
ip route-cache same-interface
ip route-cache policy
ip route-cache flow
ip tcp adjust-mss 1452
no ip mroute-cache
load-interval 30
tx-ring-limit 32
tx-queue-limit 32
duplex auto
speed auto
ntp disable
max-reserved-bandwidth 95
!
interface FastEthernet2
description corp LAN1
switchport access vlan 2
vlan-id dot1q 2
description corp LAN1
exit-vlan-config
!
!
interface FastEthernet3
shutdown
!
interface FastEthernet4
shutdown
!
interface FastEthernet5
shutdown
!
interface FastEthernet6
shutdown
!
interface FastEthernet7
shutdown
!
interface FastEthernet8
shutdown
!
interface FastEthernet9
shutdown
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$ES_LAN$
no ip address
shutdown
!
interface Vlan2
description SiMON_corp_vlan2
ip address 192.168.104.2 255.255.248.0
ip broadcast-address 192.168.111.255
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache policy
ip tcp adjust-mss 1452
no ip mroute-cache
load-interval 30
!
interface Async1
no ip address
encapsulation slip
!
ip route 0.0.0.0 0.0.0.0 FastEthernet1 PUBLICIP0
ip route PUBLICIPRANGE1 255.255.255.255 FastEthernet1
ip route 192.168.104.0 255.255.248.0 Vlan2
!
!
no ip http server
no ip http secure-server
ip nat translation tcp-timeout 600
ip nat translation udp-timeout 600
ip nat pool WAN4_POOL publicIP1 publicIP1 prefix-length 29
ip nat pool PAS1_POOL publicIP2 publicIP2 prefix-length 29
ip nat inside source list 150 pool WAN4_POOL overload
ip nat inside source list 169 pool PAS1_POOL overload
ip nat inside source static tcp 192.168.105.60 25 PUBLIC172 25 extendable
ip nat inside source static tcp 192.168.107.90 3000 PUBLIC172 3000 extendable
ip nat inside source static tcp 192.168.107.90 3001 PUBLIC172 3001 extendable
ip nat inside source static tcp 192.168.107.90 3002 PUBLIC172 3002 extendable
ip nat inside source static tcp 192.168.107.90 3003 PUBLIC172 3003 extendable
ip nat inside source static tcp 192.168.107.90 3007 PUBLIC172 3007 extendable
ip nat inside source static tcp 192.168.107.90 80 PUBLIC172 8000 extendable
ip nat inside source static tcp 192.168.107.90 8800 PUBLIC172 8800 extendable
ip nat inside source static tcp 192.168.105.69 20 PUBLIC173 20 extendable
ip nat inside source static tcp 192.168.105.69 21 PUBLIC173 21 extendable
ip nat inside source static tcp 192.168.107.91 3000 PUBLIC173 3000 extendable
ip nat inside source static tcp 192.168.107.91 3001 PUBLIC173 3001 extendable
ip nat inside source static tcp 192.168.107.91 3003 PUBLIC173 3003 extendable
ip nat inside source static tcp 192.168.107.91 3007 PUBLIC173 3007 extendable
ip nat inside source static tcp 192.168.107.91 80 PUBLIC173 8100 extendable
ip nat inside source static tcp 192.168.107.91 8800 PUBLIC173 8800 extendable
ip nat inside source static tcp 192.168.105.90 222 PUBLIC174 22 extendable
ip nat inside source static tcp 192.168.105.90 80 PUBLIC174 80 extendable
ip nat inside source static tcp 192.168.105.90 81 PUBLIC174 81 extendable
ip nat inside source static tcp 192.168.105.90 8003 PUBLIC174 800 extendable
ip nat inside source static tcp 192.168.107.92 3000 PUBLIC174 3000 extendable
ip nat inside source static tcp 192.168.107.92 3001 PUBLIC174 3001 extendable
ip nat inside source static tcp 192.168.107.92 3003 PUBLIC174 3003 extendable
ip nat inside source static tcp 192.168.107.92 3007 PUBLIC174 3007 extendable
ip nat inside source static tcp 192.168.105.80 3389 PUBLIC174 3389 extendable
ip nat inside source static tcp 192.168.105.90 4700 PUBLIC174 4700 extendable
ip nat inside source static tcp 192.168.105.90 8001 PUBLIC174 8001 extendable
ip nat inside source static tcp 192.168.105.90 8002 PUBLIC174 8002 extendable
ip nat inside source static tcp 192.168.105.90 8003 PUBLIC174 8003 extendable
ip nat inside source static tcp 192.168.107.92 80 PUBLIC174 8200 extendable
ip nat inside source static tcp 192.168.107.92 8800 PUBLIC174 8800 extendable
ip nat inside source static tcp 192.168.105.90 9000 PUBLIC174 9000 extendable
ip nat inside source static tcp 192.168.105.90 9001 PUBLIC174 9001 extendable
ip nat inside source static tcp 192.168.105.90 9002 PUBLIC174 9002 extendable
ip nat inside source static tcp 192.168.105.90 9003 PUBLIC174 9003 extendable
ip nat inside source static tcp 192.168.105.80 50900 PUBLIC174 50900 extendable
!
access-list 150 permit ip host 192.168.106.60 any
access-list 169 permit udp host 192.168.105.69 any eq domain
access-list 169 permit tcp host 192.168.105.69 any eq www
access-list 169 permit udp host 192.168.105.69 any eq ntp
!
!
!
!
!
!
control-plane
!
banner login ^CC
login notes ----
^C
!
line con 0
password xxxxx
line 1
modem InOut
no exec
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
password xxxxx
line vty 0 4
privilege level 15
password xxxxx
transport input telnet ssh
!
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end
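The following is an added example, not part of the original post: a small Python audit that reads IOS-style lines like those above and lists what the static NAT table publishes to the outside, which hosts have both static entries and a dynamic overload rule, and two management-plane settings. It reports items for review and does not diagnose the outage; `SAMPLE` is a constructed subset of the posted lines, and `REVIEW_PORTS` is an assumption chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of lines copied from the posted configuration.
SAMPLE = """\
enable secret 5 secret1
enable password nomis
ip nat inside source list 169 pool PAS1_POOL overload
ip nat inside source static tcp 192.168.105.69 20 PUBLIC173 20 extendable
ip nat inside source static tcp 192.168.105.69 21 PUBLIC173 21 extendable
ip nat inside source static tcp 192.168.105.90 8003 PUBLIC174 800 extendable
ip nat inside source static tcp 192.168.105.90 8003 PUBLIC174 8003 extendable
ip nat inside source static tcp 192.168.105.80 3389 PUBLIC174 3389 extendable
access-list 169 permit udp host 192.168.105.69 any eq domain
line vty 0 4
transport input telnet ssh
"""

STATIC = re.compile(r"^ip nat inside source static (tcp|udp) (\S+) (\d+) (\S+) (\d+)")
DYNAMIC = re.compile(r"^ip nat inside source list (\d+) pool \S+ overload")
ACL_HOST = re.compile(r"^access-list (\d+) permit \S+ host (\S+)")
REVIEW_PORTS = {23: "telnet", 3389: "RDP"}  # assumption: ports this audit singles out

def audit(config):
    """Return a sorted list of review findings for an IOS-style config."""
    findings, exposed = set(), defaultdict(set)
    nat_acls, acl_hosts = set(), defaultdict(set)
    for line in map(str.strip, config.splitlines()):
        if m := STATIC.match(line):
            # inside (proto, ip, port) -> set of outside (ip, port) it is published on
            exposed[(m[1], m[2], int(m[3]))].add((m[4], int(m[5])))
        elif m := DYNAMIC.match(line):
            nat_acls.add(m[1])
        elif m := ACL_HOST.match(line):
            acl_hosts[m[1]].add(m[2])
        elif line.startswith("enable password ") and not line.startswith("enable password 7 "):
            findings.add("enable password stored in clear text")
        elif line.startswith("transport input") and "telnet" in line.split():
            findings.add("telnet permitted on a line")
    for (proto, lip, lport), outside in exposed.items():
        if lport in REVIEW_PORTS:
            findings.add(f"{REVIEW_PORTS[lport]} on {lip} reachable from outside")
        if len(outside) > 1:
            findings.add(f"{lip}:{lport} published on {len(outside)} outside sockets")
    static_hosts = {lip for (_, lip, _) in exposed}
    for acl in nat_acls:
        for host in acl_hosts[acl] & static_hosts:
            findings.add(f"{host} has static entries and overload via list {acl}")
    return sorted(findings)
```

Calling `audit()` on the full text of a saved `show running-config` works the same way, since indentation is stripped before matching.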