05-23-2011 03:13 PM - edited 03-04-2019 12:30 PM
I am trying to set up a UC520. I have a /30 address block for the router and the ISP gateway, and a separate /29 address block for my static IP addresses. With CCA 3.0(1), it won't let me set my NAT pool with one of the /30 addresses. It tells me that there is an error creating the NAT pool: "Invalid IP address subnet. NAT pool IP addresses must be in the same subnet as the WAN IP address."
In addition, if I try to do a Static NAT Mapping, it won't let me assign one of those /30 addresses to an internal server. It puts a red box around that /30 address.
Is there a way to let the router know that I have a second subnet of WAN addresses so that I can use CCA to do the configuration, or am I stuck doing it via CLI?
Thanks, Jack
05-24-2011 04:40 AM
Hi,
Can you post a screenshot of what you're doing with the CCA?
Have you looked for a possible bug in CCA?
Regards.
Alain.
05-24-2011 09:11 AM
I'll be back on site tomorrow and can do up some screen shots.
Thanks, Jack
05-25-2011 12:59 PM
OK, this is what I have assigned to me:
LAN Block: 38.xxx.50.168/29
LAN Subnet: 255.255.255.248
WAN Block: 38.xxx.50.160/30
WAN Subnet: 255.255.255.252
Usable IPs: 38.xxx.50.169-.174
Cust Serial: 38.xxx.50.162
AOI Serial: 38.xxx.50.161
Router is set to use the 50.162 address and I am trying to set my NAT pool to use the 50.174 address, but get an error. Same goes for if I try to map the 50.169 address to an internal server.
I am doing this before the router is actually connected to the ISP connection at the branch office. Is that causing the problem, that CCA can't confirm that the /29 addresses I am trying to NAT are actually there?
05-26-2011 04:12 AM
Hi,
Is LAN Block: 38.xxx.50.168/29 configured somewhere on the router?
Regards.
Alain.
05-26-2011 11:41 AM
No, it's not. I can't find a spot in CCA to tell it that I have that additional block of WAN addresses that it can NAT from. It wants to only NAT from the /30 block.
And on a 1760 router that we have set up in Mexico, it is set up the same way, with a WAN block of /30 addresses for the router/ISP gateway and a second WAN /29 block for the static IP addresses. In the CLI config, there is no explicit listing of the /29 block at all.
This is how they set it up in the 1760:
interface Serial0/0:1
description For Telmex
bandwidth 2048
ip address 201.xxx.241.125 255.255.255.252
ip nat pool telmex 201.xxx.232.174 201.xxx.232.174 netmask 255.255.255.240
ip nat inside source route-map nonat pool telmex overload
ip nat inside source static 192.168.2.10 201.xxx.232.161
ip nat inside source static 192.168.2.11 201.xxx.232.162
ip nat inside source static 192.168.2.12 201.xxx.232.163
ip nat inside source static 192.168.2.180 201.xxx.232.164
ip nat inside source static 192.168.2.150 201.xxx.232.165
ip nat inside source static 192.168.2.5 201.xxxx.232.167
The block of IP addresses from 232.161-174 is not explicitly set anywhere in the config, but it works.
05-26-2011 12:35 PM
Hi,
As long as the ISP routes the public IP pools to your router, you will be fine to add static NATs mapping those IP addresses on the router.
HTH,
Toshi
05-26-2011 12:59 PM
That's the way I understand it to work, but CCA won't let me NAT those routable /29 addresses. It wants to match that address to the /30 address range that I have set for the router's IP address. Since the addresses I want to use for NAT are not in the /30 block, CCA won't let me use them.
Is this a problem where CCA won't let you have a dual WAN range (I don't even know the proper term when the ISP gives you a /30 range for the router-ISP gateway and a separate /29 range for the static IP addresses) and that it has to be done via CLI? Or is it just an issue because I don't actually have the router plugged into the ISP's equipment? That if CCA can see that the /29 address range is actually present, that it will let me set it up?
If I have to set the NAT'ing via CLI but can go into CCA afterwards and adjust access-lists and such, that would probably be OK.
05-31-2011 07:39 AM
bump
05-31-2011 07:46 AM
Forget CCA, it's only a selling point for Cisco.
If the job can be done with CLI, end of issue.