Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3716
Views
5
Helpful
5
Replies

nat failing iosv - no output from sh ip nat translations

Go to solution
OscarChacon
Level 1
Level 1

‎03-09-2020 08:36 PM - edited ‎03-09-2020 09:19 PM

My configuration seems to be ok, but NAT is failing from 10.10.1.1/24 network.

 

Here is my NAT config

ip access-list 10 permit 10.0.0.0 0.0.255.255

interface e1/0
ip address 172.16.1.2 255.255.255.0
ip nat outside

interface e1/1
ip nat inside

int loopback 25
ip address 172.16.16.16 255.255.255.0

 

ip nat inside source list 10 interface Loopback25 overload

 

I'm running a test ping but not getting anything on the 'show ip nat translations'

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
alan_schneider
Level 1
Level 1

‎03-09-2020 08:40 PM

your problem is the wildcard mask on the access-list. You should change it to 0.255.255.255 if you want to match 10.10.1.1/24 network.
ip access-list 10 permit 10.0.0.0 0.0.255.255 <- this only matches 10.0.x.x it won't match 10.10.1.X

View solution in original post

5 Replies 5

Go to solution
alan_schneider
Level 1
Level 1

‎03-09-2020 08:40 PM

your problem is the wildcard mask on the access-list. You should change it to 0.255.255.255 if you want to match 10.10.1.1/24 network.
ip access-list 10 permit 10.0.0.0 0.0.255.255 <- this only matches 10.0.x.x it won't match 10.10.1.X

Go to solution
OscarChacon
Level 1
Level 1
In response to alan_schneider

‎03-09-2020 08:44 PM

Thanks. I don't know how I missed that. 

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP

‎03-10-2020 12:24 AM

Hello,

 

on a side note:

 

--> your problem is the wildcard mask on the access-list. You should change it to 0.255.255.255 if you want to match 10.10.1.1/24 network.

 

Shouldn't the wildcard mask be 0.0.0.255 then ? 0.255.255.255 would only match 10.0.0.0.

 

Either way, the access list should be:

 

ip access-list 10 permit 10.0.0.0 0.0.0.255

0 Helpful

Go to solution
alan_schneider
Level 1
Level 1
In response to Georg Pauwen

‎03-11-2020 10:48 AM

His ip was 10.10.1.1/24. 

 

0.255.255.255 would match the entire 10.0.0.0/8 <-10.10.x.x matched

0.0.0.255 would only match 10.0.0.0/24 <- 10.10.x.x not matched

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to alan_schneider

‎03-11-2020 01:16 PM

Hello,

 

you are right. I guess what I wanted to point out is that the match should be as close as possible.

 

10.10.1.1/24

 

should translate to:

 

ip access-list 10 permit 10.10.1.0 0.0.0.255

 

Yours (10.0.0.0 0.255.255.255) would match as well, but it includes the entire class A network.

 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card