
Traffic not following static NAT Routes

Status
Not open for further replies.

Phizzle (IS-IT--Management, US)
Aug 2, 2001
We have 1 dynamic for all internal traffic and 3 static routes for ports 25, 80, and 443. We are also translating the IP to a different address. However, it seems that none of these routes are being followed. The problem is that SMTP traffic is being 'tagged' w/ the serial0/0/0 address and not the translated address, which is causing problems w/ our PTR records.
Here's the current NAT setup...

ip nat inside source list 151 interface Serial0/0/0 overload
ip nat inside source static tcp xxx.xxx.x.7 25 xxx.xxx.xxx.58 25 extendable
ip nat inside source static tcp xxx.xxx.x.7 80 xxx.xxx.xxx.58 80 extendable
ip nat inside source static tcp xxx.xxx.x.7 443 xxx.xxx.xxx.58 443 extendable

It seems that everything is going out through overload and not being translated to the correct IP (which is the problem).

Thanks,
 
More information...
Router is Cisco 2811 IOS 12.3
 
ACL 151
access-list 151 deny ip 192.168.1.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 151 deny ip 192.168.1.0 0.0.0.255 192.168.101.0 0.0.0.255
access-list 151 permit ip 192.168.1.0 0.0.0.255 any
access-list 151 permit ip 172.16.1.0 0.0.0.255 any
 
X.X.X.7 is your inside address and X.X.X.58 is your global address, correct?

If you remove the port assignments and, let's say, remove the deny statements from the access-list, does it translate at all, or does it still not work? Try keeping the NAT config simple to start with, then add the complexity once it's translating.

You're trying to permit 192.168.1.0 in line 3, but you've already denied it earlier in the list?
 
I think you may be correct - I think we may have to NAT everything to the .58 address and use the ACL to allow/deny... I'm not sure if that is as secure, but it may be the only way to get mail to AOL...
 
It is working as it should with your current config.
If the packet originates from the outside world, it will be NATed to the correct internal IP.
If you originate the packet internally, it will be overloaded and get your dynamic IP.

I've never tried it, but you may have to create another overload statement and overload all traffic with source (SMTP server) out using the WAN IP that you wish.
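The configuration the reply above describes, written out as an added example (not from the original thread or from Cisco): the mail server's outbound traffic gets its own overload rule to the .58 address, and it is denied in list 151 so the general overload can no longer claim it first. The pool name, list number 152 and the pool netmask are assumed placeholders; the addresses are the thread's own xxx placeholders.

```cisco
! --- Before: the three port statics only match inbound connections to ports
! --- 25/80/443 (and replies to them). Outbound mail from the server uses an
! --- ephemeral source port, so it falls through to the Serial0/0/0 overload
! --- and leaves with the interface address, which breaks the PTR lookup.
access-list 151 deny   ip 192.168.1.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 151 deny   ip 192.168.1.0 0.0.0.255 192.168.101.0 0.0.0.255
access-list 151 permit ip 192.168.1.0 0.0.0.255 any
access-list 151 permit ip 172.16.1.0 0.0.0.255 any
ip nat inside source list 151 interface Serial0/0/0 overload
ip nat inside source static tcp xxx.xxx.x.7 25  xxx.xxx.xxx.58 25  extendable
ip nat inside source static tcp xxx.xxx.x.7 80  xxx.xxx.xxx.58 80  extendable
ip nat inside source static tcp xxx.xxx.x.7 443 xxx.xxx.xxx.58 443 extendable

! --- After: keep the port statics for inbound, add a dedicated overload for
! --- the mail server's outbound traffic, and exclude that host from list 151
! --- so the two dynamic rules never overlap.
! Placeholder pool: a single global address, .58 (use your real mask)
ip nat pool MAILOUT xxx.xxx.xxx.58 xxx.xxx.xxx.58 netmask 255.255.255.248

! Assumed list number 152: only the mail server's traffic to the outside
access-list 152 permit ip host xxx.xxx.x.7 any

! Deny the mail server in the general list BEFORE the permit that would
! otherwise match it; the other entries stay as they were
access-list 151 deny   ip host xxx.xxx.x.7 any
access-list 151 deny   ip 192.168.1.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 151 deny   ip 192.168.1.0 0.0.0.255 192.168.101.0 0.0.0.255
access-list 151 permit ip 192.168.1.0 0.0.0.255 any
access-list 151 permit ip 172.16.1.0 0.0.0.255 any

ip nat inside source list 152 pool MAILOUT overload
ip nat inside source list 151 interface Serial0/0/0 overload
```

After applying it, `show ip nat translations` should show the mail server's outbound sessions with xxx.xxx.xxx.58 as the inside global address instead of the Serial0/0/0 address; clearing the existing dynamic entries with `clear ip nat translation *` removes sessions created under the old rule.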
 