Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

NAT Issue

Status
Not open for further replies.
Deadasbetamax

Deadasbetamax

MIS
Sep 27, 2007
30
US
I am having a problem with NAT on CISCO 1841 router. Here is the situation. I am trying to contact a FTP server on a non standard port 5000. For machines that have been statically assigned it works fine. For any machine using the x.x.x.38 NAT overload IP none get any farther in the FTP connection than trying to establish the link. Then the connection is refused by remote host. The config will be posted below. Any ideas? Thank you greatly in advance.

!
version 12.4
service timestamps debug uptime
service timestamps log datetime msec
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
no logging console
!
aaa new-model
!
!
!
aaa session-id common
!
resource policy
!
clock timezone CST -6
clock summer-time CDT recurring
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
ip inspect one-minute high 4000
ip inspect one-minute low 3000
ip inspect dns-timeout 15
ip inspect name outbound tcp audit-trail on
ip inspect name outbound udp audit-trail on
ip inspect name outbound ftp audit-trail on
ip inspect name outbound realaudio audit-trail on
ip inspect name outbound smtp audit-trail on
!
!
ip flow-cache timeout active 1
ip name-server x.x.x.x
!
!
!
!
!
!
!
interface FastEthernet0/0
description connected to Lan
ip address 10.x.x.x 255.0.0.0
ip nat inside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
description connected to the Internet
ip address x.x.x.186 255.255.255.252
ip access-group 101 in
ip inspect outbound out
ip nat outside
ip virtual-reassembly
ip route-cache flow
no ip mroute-cache
no cdp enable
!
ip classless
ip route 0.0.0.0 0.0.0.0 x.x.x.185
ip flow-export source FastEthernet0/0
ip flow-export version 5
ip flow-export destination x.x.x.152 2055
!
ip http server
ip http access-class 10
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool inet_add x.x.x.38 x.x.x.38 netmask 255.255.255.248
ip nat inside source list 10 pool inet_add overload
ip nat inside source static x.x.x.10 x.x.x.33
ip nat inside source static x.x.x.218 x.x.x.34
ip nat inside source static x.x.x.101 x.x.x.35
ip nat inside source static x.x.x.12 x.x.x.36
!
logging trap debugging
logging x.x.x.152
access-list 10 permit x.x.x.0 0.255.255.255
access-list 101 permit tcp any host x.x.x.33 eq 1494
access-list 101 permit tcp any host x.x.x.33 eq www
access-list 101 permit tcp any host x.x.x.33 eq 2598
access-list 101 permit tcp any host x.x.x.33 eq 443
access-list 101 permit tcp any host x.x.x.34 eq www
access-list 101 permit tcp any host x.x.x.34 eq 3000
access-list 101 permit tcp any host x.x.x.34 eq 3001
access-list 101 permit tcp any host x.x.x.34 eq 3003
access-list 101 permit tcp any host x.x.x.34 eq 8800
access-list 101 permit tcp any host x.x.x.186 eq 22
access-list 101 permit tcp any host x.x.x.35 eq www
access-list 101 permit tcp any host x.x.x.35 eq 3000
access-list 101 permit tcp any host x.x.x.35 eq 389
access-list 101 permit tcp any host x.x.x.35 eq smtp
access-list 101 permit tcp any host x.x.x.35 eq pop3
access-list 101 permit tcp any host x.x.x.35 eq 587
access-list 101 permit tcp any host x.x.x.35 eq 143
access-list 101 permit tcp any host x.x.x.35 eq domain
access-list 101 permit tcp any host x.x.x.35 eq 3002
access-list 101 permit tcp any host x.x.x.35 eq 1000
access-list 101 permit tcp any host x.x.x.35 eq 366
access-list 101 permit tcp any host x.x.x.35 eq ftp
access-list 101 permit tcp any host x.x.x.36 eq 1494
access-list 101 permit tcp any host x.x.x.36 eq 2598
access-list 101 permit tcp any host x.x.x.36 eq www
access-list 101 permit tcp any host x.x.x.36 eq 443
access-list 101 permit tcp any host x.x.x.36 eq 3389
access-list 101 permit tcp any host x.x.x.36 eq 5500
access-list 101 deny ip any any
snmp-server community public RO
snmp-server enable traps tty
!
!
control-plane
!
banner motd CC
Unauthorized Access to this system is strictly prohibited!!
!
line con 0
exec-timeout 0 0
privilege level 15
line aux 0
modem InOut
modem autoconfigure type usr_sportster
transport input all
line vty 0 4
transport input telnet ssh
line vty 5 15
transport input telnet ssh
!
scheduler allocate 3000 1000
end
 
Sort by date Sort by votes
A little addition if map a static NAT translation for a specific machine or use one of the machines which already have a static NAT translation mapped it works fine.
 
Upvote 0 Downvote
Current
ip nat pool inet_add x.x.x.38 x.x.x.38 netmask 255.255.255.248 <---used with multiple ip range

ip nat inside source list 10 pool inet_add overload

access-list 10 permit x.x.x.0 0.255.255.255
-----------------------------------------------------
Try this:

ip nat inside source list 10 serial overload

access-list 10 permit any any




[americanflag] Go Army!
Tek-TIP Member 19,650
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

phonedudeSr
  • Locked
  • Question
Cisco Unity Connection Subscriber issue
Replies
2
Views
105
phonedudeSr
phonedudeSr
HollTel
  • Locked
  • Question
Cisco UC520 Shared Line issue
Replies
0
Views
61
HollTel
HollTel
acollard83
  • Locked
  • Question
Cisco 6509 WS-X6704-10GE Issue
Replies
3
Views
133
mattKnight
mattKnight
dmourghen
  • Locked
  • Question
PBR issue and Access-list
Replies
0
Views
85
dmourghen
dmourghen
DrB0b
  • Locked
  • Question
Cisco SG300-28PP PoE Switch issue enabling L3
Replies
2
Views
136
CASSBusinessSystems
CASSBusinessSystems

Part and Inventory Search

Sponsor

Back
Top