NAT OUTSIDE Overload

Narendran K. · ‎05-05-2010

Hi,

I face an issue at one of the customer site , when the user(10.123.91.0/24) from outside trying to server (10.26.11.32/28) at inside, only one user is able to connect. I wanted to do a NAT overload but router doesnot accept the overload command on an outside NAT.can anybody help on this as increasing size of NAT pool is not an immediate solution as it requires Firewall ruleset change and stuff like that.

configuration

ip nat pool test_pool 10.27.255.109 10.27.255.109 netmask 255.255.255.252
ip nat outside source list customer_ACL pool test_pool
!
ip access-list extended customer_ACL
permit ip 10.123.91.0 0.0.0.255 10.26.11.32 0.0.0.15

thanks & regards

Naren.

Jon Marshall · ‎05-05-2010

narensnair wrote:

Hi,

I face an issue at one of the customer site , when the user(10.123.91.0/24) from outside trying to server (10.26.11.32/28) at inside, only one user is able to connect. I wanted to do a NAT overload but router doesnot accept the overload command on an outside NAT.can anybody help on this as increasing size of NAT pool is not an immediate solution as it requires Firewall ruleset change and stuff like that.

configuration

ip nat pool test_pool 10.27.255.109 10.27.255.109 netmask 255.255.255.252
ip nat outside source list customer_ACL pool test_pool
!
ip access-list extended customer_ACL
permit ip 10.123.91.0 0.0.0.255 10.26.11.32 0.0.0.15

thanks & regards

Naren.

Naren

Unfortunately with IOS you cannot overload from outside to inside. With a pix/ASA this is an easy thing to do but as yet it doesn't seem to be supported on IOS. The only way is to increase the NAT pool to enough addresses for the outside connections.

Jon

Narendran K. · ‎05-05-2010

In the same senario, can we have the overload from inside to outside when the connection established from outside to inside?