Imporoper NATting issue

kpillai · ‎04-12-2005

I have a cisco 2600 router doing nat. Dynamic and static nat's are configured on this router. The nat is working properly but the wierd problem I have is, the dynamic NAT ip address is getting natted to a different IP address (static ) instead of the IP address (overlaod) assigned. If I reboot the router, it is getting natted to the correct IP address and after a while it is natting to th static IP.

I have attached the configuration and the output of the NAT translation for you gurus.

version 12.0

service password-encryption

!

logging buffered 4096 debugging

!

process-max-time 200

ip subnet-zero

!

interface Ethernet0/0

ip address 192.168.200.50 255.255.255.0

no ip directed-broadcast

ip nat outside

!

interface Serial0/0

no ip address

no ip directed-broadcast

encapsulation frame-relay IETF

service-module t1 timeslots 1-4

!

interface Serial0/0.2 point-to-point

description ATM to HQ

ip address 172.31.0.21 255.255.255.252

ip access-group 1 in

ip accounting output-packets

ip nat inside

frame-relay interface-dlci 40

!

router eigrp 2

redistribute static

network 172.16.0.0

network 172.31.0.0

network 192.168.21.0

network 192.168.40.0

network 192.168.170.0

network 192.168.200.0

no auto-summary

!

ip nat pool corpay 192.168.200.59 192.168.200.59 netmask 255.255.255.0

ip nat inside source list 102 pool corpay overload

ip nat inside source static 172.16.2.36 192.168.200.56

ip nat inside source static 172.16.0.52 192.168.200.53

ip nat inside source static 172.16.0.51 192.168.200.52

ip nat inside source static 172.16.0.75 192.168.200.51

ip nat inside source static 172.16.0.100 192.168.200.54

ip nat inside source static 172.16.0.2 192.168.200.55

ip classless

ip route 192.168.21.0 255.255.255.0 192.168.200.6

ip route 192.168.40.0 255.255.255.0 192.168.200.6

ip route 192.168.170.0 255.255.255.0 192.168.200.6

!

access-list 1 permit any

access-list 102 permit ip 172.16.0.0 0.15.255.255 any

!

line con 0

transport input none

speed 115200

line aux 0

modem Dialin

line vty 0 4

password 7 <removed>

login

!

end

As soon as I reboot the router and ping from my pc to 192.168.21.10, I get a reply and below is the NAT translation

Livonia_MI#sh ip nat trans

Pro Inside global Inside local Outside local Outside global

--- 192.168.200.51 172.16.0.75 --- ---

--- 192.168.200.52 172.16.0.51 --- ---

--- 192.168.200.53 172.16.0.52 --- ---

--- 192.168.200.54 172.16.0.100 --- ---

--- 192.168.200.55 172.16.0.2 --- ---

--- 192.168.200.56 172.16.2.36 --- ---

icmp 192.168.200.59:512 172.16.0.230:512 192.168.21.10:512 192.168.21.10:512

tcp 192.168.200.59:1812 172.16.0.230:1812 192.168.21.10:23 192.168.21.10:23

After 2 hours, if I ping to 192.168.21.10 from my pc, I get a reply but the source address is translated to 192.168.200.53 which is supposed to be staticNAT.

Livonia_MI#sh ip nat trans

Pro Inside global Inside local Outside local Outside global

--- 192.168.200.51 172.16.0.75 --- ---

--- 192.168.200.52 172.16.0.51 --- ---

--- 192.168.200.53 172.16.0.52 --- ---

--- 192.168.200.54 172.16.0.100 --- ---

--- 192.168.200.55 172.16.0.2 --- ---

--- 192.168.200.56 172.16.2.36 --- ---

icmp 192.168.200.53:512 172.16.0.230:512 192.168.21.10:512 192.168.21.10:512

udp 192.168.200.53:137 172.16.0.32:137 192.168.21.1:137 192.168.21.1:137

If I restart the router, the NATting working properly and after some time it starts tranlsating to the wrong IP address.

Gurus, please look at the configration and let me knof if I am doing anything wrong.

Thanks

Kumar

thisisshanky · ‎04-12-2005

What IOS version are you running on the box ?

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

kpillai · ‎04-12-2005

The version is 12.0(5) T1

Thanks