NAt ouside NOK

yavuz.ozdemir · ‎04-05-2012

Hello Dears,

I'm trying to set up a NAT outside on my vrf router but it doesn't work.

I have a pool that I want to NAT to a IP

But on my router, I can only NAt from a pool to a poo of IP adresses

Ex :

ip nat pool TEST 10.10.10.10 10.10.10.10 length 28

ip nat outside source list ACL-TEST pool TEST vrf TESTLAB

ip access-list standard ACL-TEST

permit x.x.x.0 0.0.15.255

but it doersn't work, can you advice please.

Yavuz

John Blakley · ‎04-05-2012

Have you applied nat to your interfaces? What doesn't work?

HTH, John *** Please rate all useful posts ***

yavuz.ozdemir · ‎04-05-2012

Yes, I applied the nat on interface.

The NAT works but only for the first ip in the pool.

Normally is not a pool is just a IP but my NAT able only NAT POOL TO POOL

And the overload works only for the NAT Inside and not outside

Neeraj Arora · ‎04-05-2012

NAT outside does not have an option of "overload" so you can use a single ip as the translated ip for whole subnet which you are matching in the ACL.

You'd have to use a bigger pool of ip's if you want more than one user/host to be translated with "ip nat outside source" command. This is how Nat Outside is meant to work

you should think of using a fictitious ip subnet pool for outside translation like 10.10.200.0/24. this way you can have 255 simultaneous connections. for more connections you'd have to modify this pool

Check this support forum thread for a config example:

https://supportforums.cisco.com/message/3602792#3602792