Cisco Router 2620 with NAT and CBAC [secondary ip address] [cbac]
Re:If you ping an Internet address, do you get back clean pings all the time, or do you drop some? Try a ping -t www.yahoo.com and see how many fail.
- G
Re:I already tried that and it works intermittently.
Re:I'm just wondering if the two NAT OUTSIDE statements are causing your problems. For example, in Windows, if you have two routes to the same network with the same metric it will alternate sending traffic between them.
Your router COULD be alternating sending packets between the two interfaces listed in the NAT OUTSIDE – The S0/0 and the S0/0.100. It's the same physical interface, but they are treated as separate functional interfaces within the router.
That would actually make sense – Most TCP services would work in this scenario, since TCP is a connection-oriented protocol. If a packet gets lost (or sent out the wrong interface and dropped) it will get sent again. Things could be really slow, but they would probably work. Nearly all the common things you use are TCP – HTTP, telnet, FTP, etc. A few services, such as DNS, require both UDP and TCP. UDP is a connectionless protocol – You send the packet and forget it. If it's lost, there's no way to tell. So, if you're having name resolution problems, you could be seeing lost DNS UDP packets.
Anyhow, try and take the NAT OUTSIDE statement out of S0/0 – It shouldn't be there anyhow, since that's not your outside interface.
- G
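The duplicate `ip nat outside` described in the reply above can be checked mechanically. The following is an added example, not part of the original thread: a small audit that flags a parent interface carrying `ip nat outside` when a subinterface also carries it and the translation rule points at the subinterface. The sample configuration (addresses, ACL numbers, the inspection name `FW`) is constructed, and full interface names as printed by `show running-config` are assumed.

```python
import re

# Constructed sample config (the poster's actual config is not on this page).
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip inspect FW in
!
interface Serial0/0
 no ip address
 encapsulation frame-relay
 ip nat outside
!
interface Serial0/0.100 point-to-point
 ip address 192.0.2.2 255.255.255.252
 ip access-group 101 in
 ip nat outside
!
ip nat inside source list 1 interface Serial0/0.100 overload
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = m.group(1)
            interfaces[current] = []
        elif line.startswith(" ") and current:
            interfaces[current].append(line.strip())
        else:
            current = None  # left the interface block
    return interfaces

def redundant_nat_outside(config):
    """Flag parents marked 'ip nat outside' when a subinterface is marked too
    and no translation rule references the parent."""
    interfaces = parse_interfaces(config)
    outside = {n for n, cmds in interfaces.items() if "ip nat outside" in cmds}
    referenced = set(re.findall(
        r"^ip nat inside source .*\binterface\s+(\S+)", config, re.M))
    return sorted(
        name for name in outside
        if name not in referenced
        and any(o.startswith(name + ".") for o in outside))

if __name__ == "__main__":
    for name in redundant_nat_outside(SAMPLE_CONFIG):
        print(f"{name}: 'ip nat outside' on parent; translation uses a subinterface")
```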
Re:Guy, I tried what you told me about the ip nat outside on ser0/0 ser0/0.100 and it works intermittently.
Re:Oops, even though the inspection is set on the FE0/0, the access-list that the inspection modifies is that of the ser0/0.100. The way the CBAC works is that it inspects all the packets for invalid commands, and as long as the inspection doesn't find anything odd, it creates a dynamic access-list allowing the access.
Re:Thanks for the help, for the filtering I used as a guide a sample configuration on the cisco website, but I'm open to any suggestions.
Re:I don't know why having the IP address inside will make any difference – With NAT, it's not ever published.
A couple of thoughts:
Are there any devices using the IP subnet of the public IP inside? You might ping the .0 or .255 address on that subnet (or whatever the broadcast address if it's less than a /24) and see if there are other hosts out there.
A lot of services don't work well when there's not both a forward and reverse DNS entry for the source IP. Is the s0/0 IP resolvable? That's your source, so if it's not it could easily cause problems.
Try and telnet to some box out on the Internet that you know – See what your source IP is. If it's the S0/0, then things are good. If it's the public on the inside, then something really odd is happening and could explain why things are not right when the public goes away.
Oh, and you've got your IP NAT OUTSIDE statement on both S0/0 and S0/0.100 – That could be causing some confusion, as the S0/0 isn't a real interface. I doubt if it is, as your NAT statements specify s0/0.100, but it's something that should be cleaned up.
Now, I haven't worked with the firewall feature set, but you're filtering the traffic coming IN from FE0/0. Shouldn't that be on S0/0.100? (Caveat: I hate ACLs with a passion, so I might well be wrong here. Second opinion recommended) Might want to do a show ip access list and see which ones are getting hit.
- G
Re:But the most strange thing is that if I remove the public IP from fastethernet I get a routing loop.
Re:CBAC is Content Based Access Control; this is the new name for the Cisco IOS Firewall feature set. The line is a 384Kb burstable to 512Kb and the processor utilization is 0%.
Re:What is CBAC?
Also, what is the speed of the line and what is the processor utilization on the router? Very strange indeed, sorry no time to pick through the config.