Dear listers, I am frustrated. I had this working perfectly, then my isp decided to change my ip address, then I had to change my configs and now it's not working. What I want to do is have NAT running on my 2511, be able to telnet into it, and have my dns server behind the nat in a private network. I was instructed earlier to have this partial config (IOS ver. 12.1(10) ): Interface ethernet0 Ip address 209.x.x.x Ip nat outside ! Interface s0 Ip address 192.168.1.1 Ip nat inside ! !! Maps nat translation process Ip nat inside source list 101 interface Ethernet0 overload !! For dns server mapping Ip nat inside source static 192.168.3.2 209.x.x.x ! !! Removes external address from nat process Access-list 101 deny ip host 209.x.x.x any !! Allows internal translation Access-list 101 permit ip 192.168.0.0 0.0.255.255 any ! Ip route 0.0.0.0 0.0.0.0 e0 permanent Ip route 192.168.3.0 255.255.255.0 serial 0 permanent ! end !! EOF With the dns server mapping, nat forwards *all* outside traffic bound directly to the 209.x.x.x interface to 192.168.3.2; so pings from the interface don't work, and telnets to the interface don't work. I had it working where it would only forward appropriate packets to the dns server, and also allow telnetting from the outside to the 2511. I must be missing something.
With or without the dns mapping all the private network clients are translated correctly. Telnet works fine from the inside. My understanding is that with cisco's NAT ALG, DNS translation is seamless *and* you still should be able to use that nat address for telnetting into the router. I'm not sure why it was working before, if it isn't supposed to work like this. Any ideas? Am I forgetting something that is obvious? Confused, Tim Booth MCDBA, CCNP, CCDP, CCIE written ----------------------------------------- Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety. Benjamin Franklin, 1759 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=35928&t=35928 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
