INside and OUTside NAT on 2951-Router

TIBBN-Support
Level 1

Hello,

Using a 2951 router, I need to translate addresses. This seems to work "sometimes". I cannot find the reason why it does not work in all cases.

 

IOS-Version: c2951-universalk9_npe-mz.SPA.151-4.M6.bin

The interfaces are defined as follows:

interface GigabitEthernet0/1
 ip address 193.83.51.13 255.255.255.248
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/2
 ip address 10.255.82.26 255.255.255.248
 ip nat outside
 ip virtual-reassembly in
!

Together with the static route-definitions

ip route 172.16.0.0 255.240.0.0 193.83.51.9                              via g0/1
ip route 10.82.192.0 255.255.192.0 193.83.51.9

the "show ip route" output identifies the following routes (other routes are provided by OSPF and BGP, which are not shown here):

S     172.16.0.0/12 [10/0] via 193.83.51.9
O        10.82.0.0/16 is a summary, 7w0d, Null0
S        10.82.192.0/18 [10/0] via 193.83.51.9
S        10.202.0.0/16 [10/0] via 193.83.51.9
B        10.202.132.37/32 [20/0] via 10.255.82.25, 3d00h             via g0/2
B        10.111.40.0/25 [20/0] via 10.255.82.25, 01:18:44

 

When I use the following NAT definitions

ip nat pool p220 10.82.220.1 10.82.223.254 netmask 255.255.252.0
ip nat inside source list al220 pool p220
ip access-list standard al220
 permit 172.28.0.0 0.3.255.255

ip nat pool p237 10.82.237.65 10.82.237.254 netmask 255.255.255.0
ip nat inside source list al237 pool p237
ip access-list standard al237
 permit 193.83.48.0 0.0.3.255

ip nat outside source static 10.202.132.37 10.111.40.37

 

The connection seems to work. It shows:

trace 10.111.40.37 source 193.83.51.13
<suppressed>
show ip nat trans | inc 10.111.40.37
--- ---                   ---                   10.111.40.37          10.202.132.37
udp 10.82.237.65:49226    193.83.51.13:49226    10.111.40.37:33434    10.202.132.37:33434
udp 10.82.237.65:49227    193.83.51.13:49227    10.111.40.37:33435    10.202.132.37:33435
udp 10.82.237.65:49228    193.83.51.13:49228    10.111.40.37:33436    10.202.132.37:33436

 

However, if I change 'trace' to 'ping', it will no longer work:

ping 10.111.40.37 source 193.83.51.13
show ip nat trans | inc 10.111.40.37
--- ---                   ---                   10.111.40.37          10.202.132.37
icmp 10.82.237.65:5       193.83.51.13:5        10.111.40.37:5        10.111.40.37:5

It will also fail if a source interface beyond the 'inside-connection' is used:

show ip nat trans | inc 10.111.40.37
--- ---                   ---                   10.111.40.37          10.202.132.37
tcp 10.82.220.162:49639   172.30.37.100:49639   10.111.40.37:80       10.111.40.37:80
tcp 10.82.220.162:49640   172.30.37.100:49640   10.111.40.37:80       10.111.40.37:80
tcp 10.82.220.162:49641   172.30.37.100:49641   10.111.40.37:80       10.111.40.37:80

 

Inside translation is correct in any case, but outside translation fails sometimes.

Can someone tell me where the problem is?

Regards
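
A small audit of the translation table shown in the post, as an added example that is not part of the original post: it parses `show ip nat translations` rows and lists the dynamic entries whose outside global address was not rewritten according to the `ip nat outside source static` statement. The function names are illustrative, and the sample rows are copied from the three outputs in the post.

```python
# Added example: audit "show ip nat translations" output against a static
# outside mapping. Function and variable names are illustrative.
import re

# Rows copied from the three outputs in the post above.
SAMPLE = """\
--- ---                   ---                   10.111.40.37          10.202.132.37
udp 10.82.237.65:49226    193.83.51.13:49226    10.111.40.37:33434    10.202.132.37:33434
icmp 10.82.237.65:5       193.83.51.13:5        10.111.40.37:5        10.111.40.37:5
tcp 10.82.220.162:49639   172.30.37.100:49639   10.111.40.37:80       10.111.40.37:80
"""

STATIC_RE = re.compile(r"ip nat outside source static (\S+) (\S+)")

def parse_static(config_line):
    """Return (outside_global, outside_local) from the static statement."""
    m = STATIC_RE.search(config_line)
    if not m:
        raise ValueError("not an 'ip nat outside source static' line")
    return m.group(1), m.group(2)

def split_addr(field):
    """'10.1.1.1:80' -> ('10.1.1.1', '80'); a bare address -> (addr, None)."""
    addr, _, port = field.partition(":")
    return addr, (port or None)

def audit(table_text, outside_global, outside_local):
    """Return dynamic entries towards outside_local whose outside global
    address was not rewritten to outside_global."""
    untranslated = []
    for line in table_text.splitlines():
        cols = line.split()
        if len(cols) != 5 or cols[0] in ("---", "Pro"):
            continue  # skip the header, the static placeholder row, blanks
        proto, _in_global, in_local, out_local, out_global = cols
        if split_addr(out_local)[0] != outside_local:
            continue  # entry is not aimed at the statically mapped address
        if split_addr(out_global)[0] != outside_global:
            untranslated.append((proto, in_local, out_local, out_global))
    return untranslated

if __name__ == "__main__":
    og, ol = parse_static("ip nat outside source static 10.202.132.37 10.111.40.37")
    for entry in audit(SAMPLE, og, ol):
        print("outside address not translated:", *entry)
```
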

 
