cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
851
Views
19
Helpful
5
Replies

An Easy Question about NAT pools

Bernard.Luksich
Level 1
Level 1

We are configuring a new router and for some reason cannot get a "NAT pool" to work.  We are sure it is something easy were are missing so thought maybe someone here can see the problem.  We are also basing this configuation on an existing router which are now coming to believe was not properly configured and that is throwing us off.  This is a test environment so things are simple here.

We will keep it short.  We have two interfaces:                    

interface GigabitEthernet0/0

description Local network

ip address 172.16.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

!

interface GigabitEthernet0/1

description Port to the outside Internet

ip address 10.0.0.2 255.255.255.0  <---This network has a gateway router at 10.0.0.1

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

We set up a pool of addresses for NAT'ing

ip nat pool Extenal_Addresses 10.0.0.3 10.0.0.4 netmask 255.255.255.0

ip nat inside source list Addresses_to_NAT pool External_Addresses overload

Set the route of last resort...actually pretty much everything should move over to that gateway address.

ip route 0.0.0.0 0.0.0.0 10.0.0.1

Finally the list of internal addresses that should be NAT'ed  (basically all of them)

ip access-list extended Addresses_to_NAT

permit ip 172.16.1.0 0.0.0.255 any

deny   ip any any

That that is it.  When we run we do get counts on the access list "Addresses_to_NAT" but nothing seems to leave the router. 

NOTE:  If we do change the nat statement to:

ip nat inside source list Addresses_to_NAT interface GigabitEthernet0/1 overload

Then everything works.  HOWEVER, it only uses the IP address of the router for the NAT address and ignores the pool.  We want to have the addresses be NAT'ed to the other IP address we listed.

Everything looks like what we see in the documentation but something is amiss here.

Hopefully this is an easy one for someone.

Thanks in advance for your response it is appreciated.

1 Accepted Solution

Accepted Solutions

John Blakley
VIP Alumni
VIP Alumni

Bernard,

Do you have a typo in your nat pool name?

ip nat pool Extenal_Addresses 10.0.0.3 10.0.0.4 netmask 255.255.255.0

ip nat inside source list Addresses_to_NAT pool External_Addresses overload

The pool name doesn't match in the source line. That could be all your issue is...

HTH,

John

HTH, John *** Please rate all useful posts ***

View solution in original post

5 Replies 5

Jan Hrnko
Level 4
Level 4

Hi Bernard,

well it doesn't seem as an easy question at all . I have just configured the routers same way as you did and it works either way! I just can't think of a problem here... Maybe there is something more to it than just these configs here.

When you issue show ip nat translations after ping from 172.168.1.x it doesn't have any output?

Best regards,

Jan

John Blakley
VIP Alumni
VIP Alumni

Bernard,

Do you have a typo in your nat pool name?

ip nat pool Extenal_Addresses 10.0.0.3 10.0.0.4 netmask 255.255.255.0

ip nat inside source list Addresses_to_NAT pool External_Addresses overload

The pool name doesn't match in the source line. That could be all your issue is...

HTH,

John

HTH, John *** Please rate all useful posts ***

Hi John,

wow, you have just amazed me! I have just rewritten the commands above to find logical error rather than carefully pre-read what is written to find the typo . Sometimes easier the error - harder to find. Till now I was really wondering where could the error be! I should learn patience while reading...

Best regards,

Jan

Jan, thanks so much for taking the time to look into our problem.  We really appreciate your efforts.  We had spent a day pouring over this one and just did not see the obvious.  I guess we read the words and our mind thinks it knows what they are without "seeing" what is written.

Again, your quick response and energy to help are greatly appreciated. 

Thanks,

Bernie

John, thanks so much for that one!  It is hard to believe we did not see that.  Thanks also for the quick response and taking the time to read though our configuration.  Things are now working as expected.

All the best,

Bernie

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: