Question : Cisco NAT/PAT translating but static nats cannot reach the internet

I have the following router configuration. It isn't really that fancy. My internal network is on a 10.20.20.0 subnet and this includes the four servers: 10.20.20.50, 49, 48, and 52. They have static outside IPs we'll call XXX.XX.XX.81, 82, 83 and 84. I have a default outside IP of XX.XX.XX.78 to use for ALL traffic that isn't for these four machines.

I can access the machines from outside just fine... but these machines cannot get any access AT ALL to the outside. They can reply to incoming requests just fine, but I can't even do a ping to an outside IP address. I disabled my firewall access-lists altogether to prove to myself that it wasn't a firewall issue... and it isn't.

What's wrong with my NAT config? I've tracked down that it may be due to overloading an interface... but I'm not sure!
(Also, note the 192.168.3.0... this is my VPN pool that works perfectly)
Code Snippet:
interface FastEthernet0/1
 description $ES_LAN$$ETH-LAN$$FW_INSIDE$
 ip address 192.168.1.8 255.255.255.0 secondary
 ip address 192.168.2.8 255.255.255.0 secondary
 ip address 10.20.20.1 255.255.255.0
 ip access-group 100 in
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
interface Serial0/0/0
 description External - T1$FW_OUTSIDE$$ES_WAN$
 ip address XXX.XX.XX.81 255.255.255.248 secondary
 ip address XXX.XX.XX.82 255.255.255.248 secondary
 ip address XXX.XX.XX.83 255.255.255.248 secondary
 ip address XXX.XX.XX.84 255.255.255.248 secondary
 ip address XXX.XX.XX.85 255.255.255.248 secondary
 ip address XXX.XX.XX.78 255.255.255.248
 ip access-group 101 in
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 crypto map CMAP
!
ip local pool vpn1 192.168.3.1 192.168.3.254
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
!
!
no ip http server
no ip http secure-server
ip nat inside source list 106 interface Serial0/0/0 overload
ip nat inside source static 10.20.20.48 XXX.XX.XX.81
ip nat inside source static 10.20.20.49 XXX.XX.XX.82
ip nat inside source static 10.20.20.52 XXX.XX.XX.83
ip nat inside source static 10.20.20.50 XXX.XX.XX.84
!
! (access-lists not shown except the NAT ACL)
access-list 106 remark ----==== Serial0/0/0 NAT ACL ====----
access-list 106 deny   ip 10.20.20.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 106 permit ip 10.20.20.0 0.0.0.255 any

Answer : Cisco NAT/PAT translating but static nats cannot reach the internet

Wow. I figured it out. My ISP has obviously done something to the routes... pings going in and pings going out are dropped between my router and my gateway with my ISP. Traceroutes end with an infinite loop.

So I just called them and voilà... they restored their good configuration of their router, thus I'm now in the clear. I told them to write the running-config to the startup-config... like now.
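
The symptom described in the answer, a traceroute that never leaves a pair of upstream routers, can be checked mechanically. The following is an added example, not part of the original post: it parses traceroute output in the Cisco IOS style and reports the first router that appears twice in the path. The sample output is constructed and uses documentation-range addresses; the function names are hypothetical.

```python
import re

# Constructed sample (not from the original post): IOS-style traceroute output,
# with documentation-range addresses standing in for the real ones.
SAMPLE_TRACE = """\
Tracing the route to 198.51.100.10

  1 203.0.113.73 4 msec 4 msec 4 msec
  2 192.0.2.1 8 msec 8 msec 12 msec
  3 192.0.2.5 12 msec 12 msec 12 msec
  4 192.0.2.1 16 msec 16 msec 16 msec
  5 192.0.2.5 20 msec 20 msec 20 msec
  6  *  *  *
  7 192.0.2.1 24 msec 24 msec 24 msec
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(\S.*)$")        # "<ttl> <rest of line>"
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")  # first IPv4 address on the line

def parse_hops(text):
    """Return [(ttl, ip_or_None)]; None marks a hop that did not reply (* * *)."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # banner lines and blank lines
        ip = IP_RE.search(m.group(2))
        hops.append((int(m.group(1)), ip.group(0) if ip else None))
    return hops

def find_loop(hops):
    """Return (first_ttl, repeat_ttl, cycle) for the first router seen twice, else None.

    The same address answering at two different TTLs indicates the probe
    passed through that router twice, i.e. a forwarding loop.
    """
    seen = {}
    for idx, (ttl, ip) in enumerate(hops):
        if ip is None:
            continue  # silent hops carry no evidence either way
        if ip in seen:
            start = seen[ip]
            cycle = [h[1] for h in hops[start:idx] if h[1]]
            return hops[start][0], ttl, cycle
        seen[ip] = idx
    return None

if __name__ == "__main__":
    print(find_loop(parse_hops(SAMPLE_TRACE)))
```

If the first address in the reported cycle is beyond your own outside interface, the loop is in the provider's routing rather than in the local NAT configuration.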
