We are replacing an old 2501 perimeter router with a 2610 at a client. The old NAT pool was set up a little wierd so I tried the following config on NAT:
access-list 1 deny host a.b.c.8
access-list 1 deny host a.b.c.10
access-list 1 permit a.b.c.0 0.0.0.255
!
ip nat translation timeout 86400
ip nat translation tcp-timeout 86400
ip nat translation udp-timeout 300
ip nat translation dns-timeout 60
ip nat translation finrst-timeout 60
ip nat inside source list 1 interface Serial 0/0.1 overload
ip nat inside source static tcp a.b.c.8 25 x.y.z.189 25 extendable
ip nat inside source static tcp a.b.c.10 443 x.y.z.186 443 extendable
Nada. No internet. To add yet another layer of complexity, there is an old Proxy 2 box acting as a mail relay and proxy box (that is being phased out, another story). I fiddled with the NAT for a bit and copied the old NAT setup into the 2610 and walla, it was good. Below is the old NAT setup:
ip nat translation timeout never
ip nat translation tcp-timeout never
ip nat translation udp-timeout never
ip nat translation finrst-timeout never
ip nat translation dns-timeout never
ip nat pool inet x.y.z.188 x.y.z.190 netmask 255.255.255.248
ip nat inside source list 1 pool inet overload
ip nat inside source static a.b.c.10 x.y.z.187
ip nat inside source static a.b.c.20 x.y.z.186
ip nat inside source static tcp a.b.c.8 25 x.y.z.189 25
extendable
!access-list for the pool
access-list 1 permit a.b.c.151
access-list 1 permit a.b.c.13
access-list 1 permit a.b.c.8
access-list 1 permit a.b.c.38
access-list 1 permit a.b.c.10
access-list 1 permit a.b.c.20
The extra IPs in the list are for servers no longer in service, but as I did a copy paste they show up. I also changed the timeouts in the NAT to 8 hours, so that is fixed. What I cant puzzle out, is why my NAT didnt work.
Any ideas?
J
access-list 1 deny host a.b.c.8
access-list 1 deny host a.b.c.10
access-list 1 permit a.b.c.0 0.0.0.255
!
ip nat translation timeout 86400
ip nat translation tcp-timeout 86400
ip nat translation udp-timeout 300
ip nat translation dns-timeout 60
ip nat translation finrst-timeout 60
ip nat inside source list 1 interface Serial 0/0.1 overload
ip nat inside source static tcp a.b.c.8 25 x.y.z.189 25 extendable
ip nat inside source static tcp a.b.c.10 443 x.y.z.186 443 extendable
Nada. No internet. To add yet another layer of complexity, there is an old Proxy 2 box acting as a mail relay and proxy box (that is being phased out, another story). I fiddled with the NAT for a bit and copied the old NAT setup into the 2610 and walla, it was good. Below is the old NAT setup:
ip nat translation timeout never
ip nat translation tcp-timeout never
ip nat translation udp-timeout never
ip nat translation finrst-timeout never
ip nat translation dns-timeout never
ip nat pool inet x.y.z.188 x.y.z.190 netmask 255.255.255.248
ip nat inside source list 1 pool inet overload
ip nat inside source static a.b.c.10 x.y.z.187
ip nat inside source static a.b.c.20 x.y.z.186
ip nat inside source static tcp a.b.c.8 25 x.y.z.189 25
extendable
!access-list for the pool
access-list 1 permit a.b.c.151
access-list 1 permit a.b.c.13
access-list 1 permit a.b.c.8
access-list 1 permit a.b.c.38
access-list 1 permit a.b.c.10
access-list 1 permit a.b.c.20
The extra IPs in the list are for servers no longer in service, but as I did a copy paste they show up. I also changed the timeouts in the NAT to 8 hours, so that is fixed. What I cant puzzle out, is why my NAT didnt work.
Any ideas?
J