I have a client that requests a web service on a server behind NAT. My client IP is 10.54.10.193, NAT address: 10.54.28.183, server address: 62.209.39.203.
When the client requests the web service on the server, we get "TCP previous segment not captured", as in the image below:
But on the server side everything seems to be normal, as in the image below:
When I run debug ip nat detailed I get this error:
*Aug 21 20:52:52.256: NAT*: Can't create new inside entry - forced_punt_flags: 0
*Aug 21 20:52:52.256: NAT*: i: tcp (62.209.39.203, 8083) -> (10.54.10.193, 64652) [30259]
*Aug 21 20:52:52.256: NAT*: s=62.209.39.203->10.54.28.183, d=10.54.10.193 [30259]
My config is as follows:
Current configuration : 2873 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname VDC-CTIN-3725
!
boot-start-marker
boot system flash:c3725-advsecurityk9-mz.124-15.T14.bin
boot-end-marker
!
no aaa new-model
no network-clock-participate slot 1
ip cef
!
!
!
!
!
multilink bundle-name authenticated
interface Loopback0
ip address 10.54.1.1 255.255.255.255
!
interface FastEthernet0/0
description LAN-IDC
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip nat enable
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 123.30.169.46 255.255.255.192
ip nat inside
ip nat enable
ip virtual-reassembly
duplex auto
speed auto
crypto map Mobifone-to-Nuance
!
interface FastEthernet1/0
description MobiFone Metronet
ip address 10.54.28.183 255.255.255.224
ip nat outside
ip nat enable
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet1/1
description VinaPhone
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
ip route 10.54.10.0 255.255.255.0 FastEthernet1/0 10.54.28.161 name VMS-PS
ip route 10.54.30.0 255.255.255.0 FastEthernet1/0 10.54.28.161 name VMS-VG
!
!
no ip http server
no ip http secure-server
ip nat source static tcp 192.168.1.2 3389 interface FastEthernet0/1 3389
ip nat inside source list 100 interface FastEthernet1/0 overload
ip nat inside source static tcp 62.209.39.197 8080 10.54.28.183 8080 extendable
ip nat inside source static tcp 62.209.39.203 8083 10.54.28.183 8083 extendable
!
access-list 100 permit ip 192.168.1.0 0.0.0.255 10.54.0.0 0.0.255.255
access-list 100 permit ip 62.209.39.192 0.0.0.15 10.54.0.0 0.0.255.255
access-list 100 permit icmp 62.209.39.192 0.0.0.15 10.54.0.0 0.0.255.255
access-list 101 permit ip 10.54.0.0 0.0.255.255 62.209.39.192 0.0.0.15
access-list 101 permit ip 192.168.1.0 0.0.0.255 62.209.39.192 0.0.0.15
access-list 101 permit icmp 192.168.1.0 0.0.0.255 62.209.39.192 0.0.0.15
Is there anything wrong with my NAT config? Please help me.