
Intermittent inside NAT weirdness

Status
Not open for further replies.

overmodulation

Programmer
Oct 16, 2007
48
US
I have a Cisco 1811 that I have set up inside address translations to point traffic coming from the outside to specific app servers inside my network.

The one that points to my SQL Server (1433) is open to the world, I know. It needs to come from one specific IP but I haven't figured out how to make that work yet.

The other problem that I'm having is that this MSSQL connection works great for days at a time and then stops working for some reason all of a sudden.

The other app server port forwards are listening for traffic from all over the place and they work fine consistently.

My old cheaper router, on which I just used the "port forwarding" functionality, worked fine all the time. The new Cisco is the only change to the setup.

Here's my NAT config. Let me know if you see something...

Code:
ip nat inside source list 1 interface FastEthernet0 overload
ip nat inside source static tcp 192.168.1.8 65531 interface FastEthernet0 65531
ip nat inside source static tcp 192.168.1.8 119 interface FastEthernet0 119
ip nat inside source static tcp 192.168.1.8 80 interface FastEthernet0 80
ip nat inside source static tcp 192.168.1.11 1433 interface FastEthernet0 1433

Thanks guys...
 
Guess my first question would be: do you have a single external IP, or a block of them, and why aren't you NATting directly to the external IP instead of the interface, which I'm guessing is configured with the external IP address? The other question would be the default routes from the servers to the router. Seems to me that every time I've got a NAT issue it's actually a routing issue.
 
It's a single IP address. FastEthernet0 is an ADSL ...

The router LAN is 192.168.1.x and the servers are all 192.168.1.x...
 
For your SQL and allowing only 1 external IP, you should be able to do:

Code:
access-list 101 permit tcp host 1.2.3.4 any eq 1433
access-list 101 deny tcp any any eq 1433
access-list 101 permit ip any any

int x/x
ip nat outside
ip access-group 101 in

Apply it inbound on your ip nat outside interface.
host 1.2.3.4 is the external host communicating w/the SQL server.
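The reason this ACL works is IOS first-match evaluation: the permit for host 1.2.3.4 is checked before the deny for everyone else on 1433, and the final `permit ip any any` keeps the rest of the port forwards working. The script below is an added example, not part of the thread or of any Cisco tool; it parses the three lines from the reply into entries and evaluates sample packets the way the router would. The external address 203.0.113.10 and the second client 198.51.100.7 are constructed values, and the parser only understands the `permit|deny proto src dst [eq port]` form used above.

```python
"""Simulate first-match evaluation of the extended ACL from the thread (added example)."""
import ipaddress

# The ACL suggested in the reply; host 1.2.3.4 is the one remote SQL client.
ACL_101 = """
access-list 101 permit tcp host 1.2.3.4 any eq 1433
access-list 101 deny tcp any any eq 1433
access-list 101 permit ip any any
"""

# Same entries with the deny moved first: shows why ordering matters.
ACL_WRONG_ORDER = """
access-list 101 deny tcp any any eq 1433
access-list 101 permit tcp host 1.2.3.4 any eq 1433
access-list 101 permit ip any any
"""


def _take_addr(tokens, i):
    """Consume one address spec ('any', 'host A.B.C.D' or 'A.B.C.D wildcard'); return (network, next index)."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    # IOS wildcard masks are the bitwise inverse of a subnet mask
    mask = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(tokens[i + 1]))
    net = ipaddress.ip_network(f"{tokens[i]}/{ipaddress.IPv4Address(mask)}", strict=False)
    return net, i + 2


def parse_acl(text):
    """Parse 'access-list N permit|deny proto src dst [eq port]' lines into ordered entry dicts."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list":
            continue
        action, proto = tok[2], tok[3]
        src, i = _take_addr(tok, 4)
        dst, i = _take_addr(tok, i)
        # Only a destination-port match ('eq N' after the destination) is supported here
        port = int(tok[i + 1]) if i < len(tok) and tok[i] == "eq" else None
        entries.append({"action": action, "proto": proto, "src": src, "dst": dst, "port": port})
    return entries


def evaluate(entries, proto, src_ip, dst_ip, dst_port):
    """Return 'permit' or 'deny'; the first matching entry wins and no match is the implicit deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for e in entries:
        if e["proto"] not in ("ip", proto):
            continue
        if src not in e["src"] or dst not in e["dst"]:
            continue
        if e["port"] is not None and e["port"] != dst_port:
            continue
        return e["action"]
    return "deny"


def decide(acl_text, proto, src_ip, dst_ip, dst_port):
    """Convenience wrapper: parse the ACL text and evaluate one packet against it."""
    return evaluate(parse_acl(acl_text), proto, src_ip, dst_ip, dst_port)


EXTERNAL_IP = "203.0.113.10"  # constructed stand-in for the router's single WAN address

if __name__ == "__main__":
    for src, port in [("1.2.3.4", 1433), ("198.51.100.7", 1433), ("198.51.100.7", 80)]:
        print(f"tcp {src} -> {EXTERNAL_IP}:{port}: {decide(ACL_101, 'tcp', src, EXTERNAL_IP, port)}")
    print("deny-first order, 1.2.3.4 -> 1433:",
          decide(ACL_WRONG_ORDER, "tcp", "1.2.3.4", EXTERNAL_IP, 1433))
```

Two things the run makes visible: with the deny placed first even 1.2.3.4 is blocked, and because the deny names `tcp` only, traffic on other protocols still falls through to `permit ip any any`, so the ACL is scoped exactly to the TCP listener the thread is worried about.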


 
Yes it could very well be just someone going crazy on your SQL server. :) Applying that ACL would help, do it asap.
 
I had that before. It's bad - way bad. They see that 1433 open and send billions of login req's using the sa account.

I didn't see that in this case with ethereal but I'm gonna have this ACL done REAL SOON regardless!
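The pattern described in this post, a flood of failed logins for the `sa` account from one outside address, is easy to spot in the SQL Server error log even without a packet capture. The script below is an added example, not from the thread; it counts the "Login failed for user" lines SQL Server writes to its error log, keyed by the `[CLIENT: ...]` address, and flags sources above a threshold. The log lines, the addresses 198.51.100.23 and 192.168.1.20, and the threshold of 20 are all constructed for the example.

```python
"""Flag password guessing against 'sa' in SQL Server error-log lines (added example)."""
import re
from collections import Counter

# Matches the 'Login failed' lines in the SQL Server error log; the
# [CLIENT: a.b.c.d] suffix carries the connecting address.
FAILED_LOGIN = re.compile(
    r"Login failed for user '(?P<user>[^']*)'.*\[CLIENT: (?P<client>[0-9.]+)\]"
)


def failed_logins_by_client(lines, user="sa"):
    """Count failed logins for `user`, keyed by client address."""
    counts = Counter()
    for line in lines:
        m = FAILED_LOGIN.search(line)
        if m and m.group("user") == user:
            counts[m.group("client")] += 1
    return counts


def flag_sources(lines, threshold=20, user="sa"):
    """Return {client: failures} for clients at or above the threshold."""
    return {ip: n for ip, n in failed_logins_by_client(lines, user).items() if n >= threshold}


# Constructed sample log: one internet host hammering 'sa', one LAN user with a typo.
SAMPLE_LOG = [
    f"2007-10-16 02:13:{i:02d}.00 Logon       Login failed for user 'sa'. [CLIENT: 198.51.100.23]"
    for i in range(50)
] + [
    "2007-10-16 09:01:10.00 Logon       Login failed for user 'sa'. [CLIENT: 192.168.1.20]",
    "2007-10-16 09:01:15.00 Logon       Login failed for user 'appuser'. [CLIENT: 192.168.1.20]",
    "2007-10-16 09:02:00.00 Logon       Login succeeded for user 'appuser'. [CLIENT: 192.168.1.20]",
]

if __name__ == "__main__":
    for client, n in flag_sources(SAMPLE_LOG).items():
        print(f"{client}: {n} failed 'sa' logins, candidate for the 1433 ACL deny")
```

A single LAN user mistyping a password stays under the threshold, while the outside host that tried 50 times in under a minute is reported; in practice you would feed the live error log in and pick the threshold from your own baseline.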
 