List: inet-access
Subject: Re: Stupid Cisco NAT problem
From: up () 3 ! am
Date: 2003-11-12 3:30:54
Never mind, I think I figured it out...I pulled down their access-list
because they were using it to limit telnet access to the router, and I
assumed that's all it was used for. After perusing Cisco's site some
more, it appears that the access-list was also the source list for the NAT
pool. Urrrgh....
On Tue, 11 Nov 2003 up@3.am wrote:
>
> Never did NAT through a Cisco, since those types of customers have always
> been ISDN customers with Pipelines and such, but now I have a T1 customer
> that's switching from another upstream to us, and they do NAT on a Cisco
> 16xx. Their NAT worked fine through the old upstream, but when I change
> the IPs in the pool to ours, nothing translates.
>
> I managed to reconfig everything remotely; here is the old, working
> config, including RIP2 warts and all, with only a secondary IP from their
> new allocation from us on their ether:
>
> Using 1173 out of 7506 bytes
> !
> version 12.0
> service config
> service timestamps debug uptime
> service timestamps log uptime
> service password-encryption
> !
> hostname OLMCS
> !
> enable secret 5 $1$R7hO$nhwTHNuwxpxOywO.EogDK.
> !
> ip subnet-zero
> no ip domain-lookup
> clock timezone EST -5
> clock summer-time EST recurring
> !
> !
> !
> interface Ethernet0
> ip address our.new.ip.1 255.255.255.0 secondary
> ip address 192.168.1.1 255.255.255.0
> no ip directed-broadcast
> ip nat inside
> ip route-cache policy
> no cdp enable
> !
> interface Serial0
> bandwidth 1536
> ip address old.isp.serial.230 255.255.255.252
> no ip directed-broadcast
> ip nat outside
> ip rip send version 1 2
> encapsulation ppp
> no ip route-cache
> keepalive 5
> no fair-queue
> !
> router rip
> version 2
> passive-interface Serial0
> network 192.168.1.0
> no auto-summary
> !
> ip nat pool internet-pool old.isp.209 old.isp.210 netmask 255.255.255.240
> ip nat inside source list 1 pool internet-pool overload
> ip classless
> ip route 0.0.0.0 0.0.0.0 Serial0
> !
> access-list 1 permit 192.168.1.0 0.0.0.255
> snmp-server community NUNYABIZ RO
> !
> line con 0
> exec-timeout 0 0
> transport input none
> line vty 0 4
> password ZZZZZZZZZZZZZZ
> login
> !
> end
>
> The above config translates fine. If I substitute our IPs, which consist
> of a /30 for the serial interfaces and a /24 for use between the NAT pool
> and non-nat internal hosts for them, nothing translates. Here are the
> lines I changed:
>
> interface Serial0
> ip address our.new.serial.230 255.255.255.252
>
> ip nat pool internet-pool our.new.ip.209 our.new.ip.210 netmask 255.255.255.0
>
> After that, I've tried clearing arp, route-cache, nat translations and a
> hard reload, and rebooted a win 2k box in their network just for good
> measure, but it refuses to translate RFC1918 to our.new.IPs. If they
> configure a box on their end to access directly using our.addresses, it
> works fine. Clues appreciated...
>
> James Smallacombe PlantageNet, Inc. CEO and Janitor
> up@3.am http://3.am
> =========================================================================
>
> _______________________________________________
> "Eat sushi frequently". - Avi
> inet@inet-access.net is the human contact address.
> list@inet-access.net is the list posting address.
> See below URL for subscribe/unsubscribe and list options:
> http://inet-access.net/mailman/listinfo/list
>
James Smallacombe PlantageNet, Inc. CEO and Janitor
up@3.am http://3.am
=========================================================================
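
The thread's root cause was one numbered ACL doing two jobs (vty access control and the NAT source list). The following is an added example, not part of the original messages: a small Python check that lists every role an ACL plays in an IOS-style config before it is removed. The sample config, the 203.0.113.x addresses, and the function names are constructed for illustration, and the list of referencing commands is a subset, not exhaustive.

```python
import re
from collections import defaultdict

# Constructed sample (not the poster's config): ACL 1 feeds NAT and the vty lines.
SAMPLE = """\
ip nat pool internet-pool 203.0.113.209 203.0.113.210 netmask 255.255.255.0
ip nat inside source list 1 pool internet-pool overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
snmp-server community EXAMPLE RO 2
!
line vty 0 4
 access-class 1 in
 login
"""

# Commands that reference an ACL by number or name (a subset, not exhaustive).
REFS = [
    ("nat source list", re.compile(r"^ip nat (?:inside|outside) source list (\S+)")),
    ("vty access-class", re.compile(r"^access-class (\S+) (?:in|out)")),
    ("interface access-group", re.compile(r"^ip access-group (\S+) (?:in|out)")),
    ("snmp community", re.compile(r"^snmp-server community \S+ (?:RO|RW) (\S+)")),
]
DEFN = re.compile(r"^(?:access-list (\S+) |ip access-list (?:standard|extended) (\S+))")

def acl_usage(config):
    """Return (set of defined ACL ids, {acl id: [(role, config line), ...]})."""
    defined, uses = set(), defaultdict(list)
    for raw in config.splitlines():
        line = raw.strip()
        m = DEFN.match(line)
        if m:
            defined.add(m.group(1) or m.group(2))
            continue
        for role, rx in REFS:
            m = rx.match(line)
            if m:
                uses[m.group(1)].append((role, line))
    return defined, dict(uses)

def removal_impact(config, acl):
    """Roles that would lose their ACL if `acl` were deleted."""
    return sorted(role for role, _ in acl_usage(config)[1].get(acl, []))

def dangling(config):
    """ACL ids referenced by some command but defined nowhere in the config."""
    defined, uses = acl_usage(config)
    return sorted(set(uses) - defined)

print("ACL 1 is used by:", removal_impact(SAMPLE, "1"))
print("Referenced but undefined:", dangling(SAMPLE))
```
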