Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
461
Views
0
Helpful
6
Replies

NAT stops NAT-ing

slilley92
Level 1
Level 1

‎07-09-2003 07:07 AM - edited ‎03-02-2019 08:44 AM

Has anyone ever seen this before? We have NAT set up on a 3640 router as follows:

ip nat inside source static 172.16.38.200 172.16.95.7

ip nat outside source static 172.16.95.7 172.16.38.200

When we send something from 172.16.38.200, the router is not translating it to 172.16.95.7. It had been doing this just fine for months, but suddenly just stopped. Translation is working in the opposite direction. Here's another weird thing: we have 12 other translations setup on this router, just like these (with different IP addresses, obviously). These are working fine. If we reboot the router, this translation may start working, but another will stop! When we put our sniffer on the outside of the router, we see the IP addresses coming thru as 172.16.38.200, not 172.16.95.7. Has anyone ever seen anything like this before? Any help is very much appreciated!!!

Thank you,

Steve

Labels:
0 Helpful
6 Replies 6

rjackson
Level 5
Level 5

‎07-09-2003 07:50 AM

remove the second statement. One static map is all you need. It might be geting confused from that. clear ip nat translations after removing the outside map.

0 Helpful

thisisshanky
Level 11
Level 11

‎07-09-2003 07:55 AM

Steve

You dont really need the outside source static command for every input source static entry that you key in. When packets go from inside to outside, those with source address of 172.16.38.200 will be translated to 172.16.95.7. When the packet returns back, the destination address field will have 172.16.95.7 and this is translated using the same entry, back to 172.16.38.200.

Hope that helps.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus
0 Helpful

slilley92
Level 1
Level 1
In response to thisisshanky

‎07-09-2003 08:18 AM

Thank you for your response! I did not mention this, but I think we want to leave it in, as the outside also needs to be able initiate communications with the inside devices.

0 Helpful

thisisshanky
Level 11
Level 11
In response to slilley92

‎07-09-2003 08:23 AM

From the outside, if communications are initiated using the 95.7 address, then you dont need the outside source entry. Otherwise you do.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus
0 Helpful

slilley92
Level 1
Level 1
In response to thisisshanky

‎07-09-2003 08:37 AM

Okay, I will give that a try. Thank you for your help!

0 Helpful

slilley92
Level 1
Level 1
In response to thisisshanky

‎07-10-2003 08:45 AM

The router is now NAT-ing everything again. it is really odd. It got down to one particular network that I could not get any NAT translations to happen for. After making some other, seemingly non-related changes, NAT began translating again for that network! We had a protocol analyzer on a device on the outside and could see the IP traffic for that network coming thru not translated. I had debug IP NAT going on the router and did not see translations for that network. After making the seemingly non-related changes, the router suddenly began doing the translations again for that network. Weird.

I removed all the outside source entries and everything is still working. Thank you for the suggestion! There is no sense having a bunch of redundant stuff in there if it is not needed.

Steve

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents