02-08-2021 08:30 AM
I'm having issues with some simple NAT logic on a Nexus 93180YC-FX which, when tested on an IOS-based device, works fine.
See attached for basic network diagram.
Basic configuration:
interface vlan100
  ip nat inside
interface vlan200
  ip nat outside
ip nat inside source static 99.88.8.121 192.168.1.121
ip nat outside source static 192.168.1.21 192.168.1.50 add-route
When I test this on the N9K the inside rule works successfully.
The strange part is when I check the NAT translation table using show ip nat translations there is nothing listed after a successfully tested inside translation.
When I try to reach 192.168.1.21 using the outside global address 192.168.1.50 from 99.88.8.121 the frame arrives at 192.168.1.21 but the source address is still 99.88.8.121 and not the global inside address 192.168.1.121. I assume the static route created by add-route is allowing this to end up at 192.168.1.21 but why isn't the inside address being translated?
When I test this on an IOS-based switch both rules work as expected and the NAT translation table is properly populated with all the translations.
Is there a limitation with NAT with the specific 9K switch?
02-08-2021 08:47 AM
You need to have the interface configuration with the IP address?
Can you post the full configuration? Here are my findings:
ip nat inside source static 99.88.8.121 192.168.1.121 (is this 21, or a typo?)
02-08-2021 09:28 AM
Interface vlan 100 and interface vlan 200 are configured with L3 addresses - vlan 100 is inside and vlan 200 is outside.
This is to translate the source address of 99.88.8.121 to 192.168.1.121 as it leaves the inside interface towards the outside.
02-08-2021 09:37 AM
OK, what is the outcome (without add-route)?
ip nat outside source static 192.168.1.21 192.168.1.50
02-08-2021 09:49 AM
Without the add-route traffic doesn't make it to 192.168.1.21 at all.
02-08-2021 08:54 AM - edited 02-08-2021 09:39 AM
This is the NAT.
What is the IP address of the traffic you test?
IP source
IP destination
ip nat inside is first,
then
ip nat outside.
Some other devices support Twice NAT,
but to make both NATs work together please do:
ip nat inside group 1
ip nat outside group 1
This makes incoming traffic NAT using both commands at one time, not use one and reject the other.
02-08-2021 09:30 AM
I test ping 192.168.1.50 from 99.88.8.121.
My expected results on nxos as confirmed using an IOS switch is that source address is translated from 99.88.8.121 to 192.168.1.121 and the destination is translated from 192.168.1.50 to 192.168.1.21.
02-08-2021 09:35 AM
Need both NATs to work together using the group keyword.
02-08-2021 09:49 AM
The group keyword isn't even an option in the context of ip nat inside or ip nat outside.
02-08-2021 10:03 AM
Please see the twice NAT config.
The group keyword is an option and it appears at the end of the command.