Dear Tim, Your configuration looks faulty. You did not specified the port for static "Ip nat inside source static 192.168.3.2 209.x.x.x " And some other things there
Pathfinder ""Tim Booth"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Dear listers, > > I am frustrated. I had this working perfectly, then my isp decided to > change my ip address, then I had to change my configs and now it's not > working. What I want to do is have NAT running on my 2511, be able to > telnet into it, and have my dns server behind the nat in a private > network. I was instructed earlier to have this partial config (IOS ver. > 12.1(10) ): > Interface ethernet0 > Ip address 209.x.x.x > Ip nat outside > ! > Interface s0 > Ip address 192.168.1.1 > Ip nat inside > ! > !! Maps nat translation process > Ip nat inside source list 101 interface Ethernet0 overload > !! For dns server mapping > Ip nat inside source static 192.168.3.2 209.x.x.x > ! > !! Removes external address from nat process > Access-list 101 deny ip host 209.x.x.x any > !! Allows internal translation > Access-list 101 permit ip 192.168.0.0 0.0.255.255 any > ! > Ip route 0.0.0.0 0.0.0.0 e0 permanent > Ip route 192.168.3.0 255.255.255.0 serial 0 permanent > ! > end !! EOF > With the dns server mapping, nat forwards *all* outside traffic bound > directly to the 209.x.x.x interface to 192.168.3.2; so pings from the > interface don't work, and telnets to the interface don't work. I had it > working where it would only forward appropriate packets to the dns > server, and also allow telnetting from the outside to the 2511. I must > be missing something. > > With or without the dns mapping all the private network clients are > translated correctly. Telnet works fine from the inside. My > understanding is that with cisco's NAT ALG, DNS translation is seamless > *and* you still should be able to use that nat address for telnetting > into the router. I'm not sure why it was working before, if it isn't > supposed to work like this. > > Any ideas? Am I forgetting something that is obvious? > > Confused, > Tim Booth > MCDBA, CCNP, CCDP, CCIE written > ----------------------------------------- > Those who would give up essential liberty to purchase a little temporary > safety deserve neither liberty nor safety. > Benjamin Franklin, 1759 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=35937&t=35928 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
