
Can't set up a NAT pool with a WAN /29 address when the router has a /30 address.

ke6guj
Level 1

I am trying to set up a UC520. I have a /30 address block for the router and the ISP gateway, and a separate /29 address block for my static IP addresses. With CCA 3.0(1), it won't let me set my NAT pool with one of the /30 addresses. It tells me that there is an error creating the NAT pool: "Invalid IP address subnet.  NAT pool IP addresses must be in the same subnet as the WAN IP address."

In addition, if I try to do a Static NAT Mapping, it won't let me assign one of those /30 addresses to an internal server. It puts a red box around that /30 address.

Is there a way to let the router know that I have a second subnet of WAN addresses so that I can use CCA to do the configuration, or am I stuck doing it CLI?

Thanks, Jack

9 Replies

cadet alain
VIP Alumni

Hi,

Can you post a screenshot of what you're doing with the CCA?

Have you looked for a possible bug in CCA?

Regards.

Alain.

Don't forget to rate helpful posts.

I'll be back on site tomorrow and can do up some screen shots.

Thanks, Jack

OK, this is what I have assigned to me:

LAN Block: 38.xxx.50.168/29

LAN Subnet: 255.255.255.248

WAN Block: 38.xxx.50.160/30

WAN Subnet: 255.255.255.252

Usable IPs: 38.xxx.50.169-.174

Cust Serial: 38.xxx.50.162

AOI Serial: 38.xxx.50.161

Router is set to use the 50.162 address and I am trying to set my NAT pool to use the 50.174 address, but get an error. Same goes for if I try to map the 50.169 address to an internal server.

I am doing this before the router is actually connected to the ISP connection at the branch office.  Is that causing the problem, that CCA can't confirm that the /29 addresses I am trying to NAT are actually there?

Hi,

Is LAN Block: 38.xxx.50.168/29 configured somewhere on the router?

Regards.

Alain.

Don't forget to rate helpful posts.

No, it's not. I can't find a spot in CCA to tell it that I have that additional block of WAN addresses that it can NAT from. It wants to only NAT from the /30 block.

And on a 1760 router that we have set up in Mexico, it is set up the same way, with a WAN block of /30 addresses for the router/ISP gateway and a second WAN /29 block for the static IP addresses. In the CLI config, there is no explicit listing of the /29 block at all.

This is how they set it up in the 1760:

interface Serial0/0:1
description For Telmex
bandwidth 2048
ip address 201.xxx.241.125 255.255.255.252

ip nat pool telmex 201.xxx.232.174 201.xxx.232.174 netmask 255.255.255.240
ip nat inside source route-map nonat pool telmex overload
ip nat inside source static 192.168.2.10 201.xxx.232.161
ip nat inside source static 192.168.2.11 201.xxx.232.162
ip nat inside source static 192.168.2.12 201.xxx.232.163
ip nat inside source static 192.168.2.180 201.xxx.232.164
ip nat inside source static 192.168.2.150 201.xxx.232.165
ip nat inside source static 192.168.2.5 201.xxxx.232.167

The block of IP addresses from 232.161-174 is not explicitly set anywhere in the config, but it works.

Hi,

As long as the ISP routes the public IP pools to your router, you will be fine adding static NATs mapping those IP addresses on the router.

HTH,

Toshi

That's the way I understand it to work, but CCA won't let me NAT those routable /29 addresses. It wants to match that address to the /30 address range that I have set for the router's IP address. Since the addresses I want to use for NAT are not in the /30 block, CCA won't let me use them.

Is this a problem where CCA won't let you have a dual WAN range (I don't even know the proper term when the ISP gives you a /30 range for the router-ISP gateway and a separate /29 range for the static IP addresses) and it has to be done via CLI? Or is it just an issue because I don't actually have the router plugged into the ISP's equipment, and if CCA can see that the /29 address range is actually present, it will let me set it up?

If I have to set the NAT'ing via CLI but can go into CCA afterwards and adjust access-lists and such, that would probably be OK.
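The difference between the rule quoted in the CCA error text and the routed-block case discussed above, as an added example that is not part of the original thread and is not CCA's or IOS's own code. The addresses are constructed from the 203.0.113.0/24 documentation range and only mirror the last octets in the thread; the function names are hypothetical.

```python
import ipaddress

def same_subnet_as_wan(addr, wan_iface):
    """Model of the rule stated in the CCA error message: the NAT
    address must fall inside the WAN interface's own subnet."""
    return ipaddress.ip_address(addr) in ipaddress.ip_interface(wan_iface).network

def routed_block_for(addr, routed_blocks):
    """Return the ISP-routed block that contains addr, or None.
    A routed block is not configured on any interface; the ISP simply
    routes it to the router's WAN address."""
    ip = ipaddress.ip_address(addr)
    for block in map(ipaddress.ip_network, routed_blocks):
        if ip in block:
            return block
    return None

def classify_nat_addresses(wan_iface, routed_blocks, nat_addrs):
    """Label each candidate NAT address:
    'connected'   - inside the WAN link subnet (passes the CCA-style rule)
    'routed'      - outside the link subnet but inside a block the ISP routes
    'unreachable' - in neither, so return traffic would not arrive"""
    result = {}
    for addr in nat_addrs:
        if same_subnet_as_wan(addr, wan_iface):
            result[addr] = "connected"
        elif routed_block_for(addr, routed_blocks) is not None:
            result[addr] = "routed"
        else:
            result[addr] = "unreachable"
    return result

# Constructed sample: /30 WAN link plus a separately routed /29.
WAN_IFACE = "203.0.113.162/30"
ROUTED_BLOCKS = ["203.0.113.168/29"]
CANDIDATES = ["203.0.113.174", "203.0.113.169", "203.0.113.161", "203.0.113.180"]

if __name__ == "__main__":
    for addr, label in classify_nat_addresses(WAN_IFACE, ROUTED_BLOCKS, CANDIDATES).items():
        print(f"{addr:16} {label}")
```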

bump

Forget CCA, it's only a selling point for Cisco.

If the job can be done with CLI, end of issue.