Wednesday, July 17, 2013

nat_problem

Question:

I have a problem with WS-C3560X-24P-L NAT.
I have the following topology; I've got static NAT entries for each server and overload for other users.
When servers / users are accessing the internet, or from the internet to the servers, there is no issue.
The problem is when I try to reach server 192.168.1.1 via its public IP (10.10.10.2) from server 192.168.1.2 with TCP (80, 1433, etc.), it fails.
If I try to ping 10.10.10.2 from 192.168.1.2, I can get replies.

When I check the NAT translations, I can see that server 192.168.1.1's IP address is NATed to 10.10.10.2 and 192.168.1.2 to 10.10.10.3.

Also, when I run debug while I try to access 10.10.10.2 with TCP packets, I can see that the packet is routed with source IP 10.10.10.3 and destination IP 10.10.10.2.

Am I missing something?

Here is the sample config:

!
interface FastEthernet0/0
 ip address 10.10.10.1 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source static 192.168.1.1 10.10.10.2 extendable
ip nat inside source static 192.168.1.2 10.10.10.3 extendable
!
access-list 1 permit 192.168.1.0 0.0.0.255

Answer:

You can't communicate with the outside public IP from an inside address with the old-style NAT, but normally it should work with the newest NAT NVI config and no ip redirect on both interfaces. To configure NAT NVI, just replace ip nat in and ip nat out by simply ip nat enable and get rid of the inside keyword in your NAT statements.
