You want to debug a NAT problem.
Cisco routers include a simple but useful debug facility for NAT. The basic form of the command is debug ip nat:
Router#debug ip nat
You can also add the detailed keyword to this command to get more information on each NAT event:
Router#debug ip nat detailed
It is often useful to use an access-list with the debug command. You can do this by simply specifying the number of the access-list. This will allow you to just look at NAT events for particular IP addresses that are permitted by the access-list:
Router#debug ip nat 15
You can also combine an access-list with the detailed keyword for more focused debugging:
Router#debug ip nat 15 detailed
The following shows some typical log entries:
Router#terminal monitor Router#debug ip nat Sep 8 19:51:08.396 EDT: NAT: s=192.168.3.1->192.168.19.1, d=192.168.3.2  Sep 8 19:51:11.560 EDT: NAT*: s=192.168.1.10->192.168.19.55, d=192.168.3.2 [490 9] Sep 8 19:51:11.568 EDT: NAT*: s=192.168.3.2, d=192.168.19.55->192.168.1.10 [490 9] Sep 8 19:51:11.572 EDT: NAT: s=192.168.3.2, d=192.168.19.55->192.168.1.10 [4909 ] Sep 8 19:51:12.552 EDT: NAT*: s=192.168.1.10->192.168.19.55, d=192.168.3.2 [491 1] Sep 8 19:51:12.564 EDT: NAT*: s=192.168.3.2, d=192.168.19.55->192.168.1.10 [491 1]
This particular trace follows a simple series of PING packets. The interior device 192.168.1.10 sends ICMP PING packets to the external destination 192.168.3.2. The router rewrites the internal address as 192.168.19.55 and forwards the packet to the external destination.
You can also see the PING responses coming back from the destination device. The router rewrites the internal address back to its true value and forwards the packet appropriately.
Router Configuration and File Management
User Access and Privilege Levels
Handling Queuing and Congestion
Tunnels and VPNs
NTP and Time
Router Interfaces and Media
Simple Network Management Protocol
First Hop Redundancy Protocols
Appendix 1. External Software Packages
Appendix 2. IP Precedence, TOS, and DSCP Classifications