NAT overload using nat pools

q-coelho
Level 1

Hi,

I am hoping someone else has had the same problems or a possible resolution.

I have 2 GRE tunnels terminating on an ISP router; the IP ranges routed to the tunnels are private IPs. I want to translate one of the class C blocks to one public IP and the other class C block to another public IP. But when traffic is destined for my internal network, it should not be required to be translated.

My configurations are as below:

!
interface Loopback10
 description test2
 ip address 192.168.1.1 255.255.255.255
!
interface Loopback11
 description test3
 ip address 192.168.1.2 255.255.255.255
!
interface Tunnel10
 description test2
 ip unnumbered FastEthernet0/0
 ip nat inside
 tunnel source Loopback10
 tunnel destination 196.x.1.1
!
interface Tunnel11
 description test3
 ip unnumbered FastEthernet0/0
 ip nat inside
 tunnel source Loopback11
 tunnel destination 196.x.2.1
!
interface FastEthernet0/0
 description Link To Internal Network
 ip address 196.x.x.x 255.255.255.224
!
interface FastEthernet0/1
 description Link To ISP
 ip address 196.x.x.x 255.255.255.254
 ip nat outside
!
ip route 192.168.10.0 255.255.255.0 Tunnel10
ip route 192.168.11.0 255.255.255.0 Tunnel11
!
ip nat pool TEST2 x.x.x.40 x.x.x.40 prefix-length 32
ip nat pool TEST3 x.x.x.41 x.x.x.41 prefix-length 32
ip nat inside source route-map TEST2 pool TEST2 overload
ip nat inside source route-map TEST3 pool TEST3 overload
!
access-list 110 permit ip 192.168.10.0 0.0.0.255 any log
access-list 111 permit ip 192.168.11.0 0.0.0.255 any log
!
route-map TEST2 permit 10
 match ip address 110
!
route-map TEST3 permit 10
 match ip address 111
!

000359: *Mar 5 22:26:44.644 SA: NAT: map match TEST2
000360: *Mar 5 22:26:44.644 SA: NAT: address not stolen for 192.168.10.2, proto 17 port 1041
000361: *Mar 5 22:26:44.644 SA: NAT: failed to allocate address for 192.168.10.2, list/map TEST2
000362: *Mar 5 22:26:44.644 SA: NAT: translation failed (A), dropping packet s=192.168.10.2 d=209.212.97.1
000363: *Mar 5 22:26:45.424 SA: NAT: map match TEST2
000364: *Mar 5 22:26:45.424 SA: NAT: address not stolen for 192.168.10.2, proto 17 port 1041
000365: *Mar 5 22:26:45.424 SA: NAT: failed to allocate address for 192.168.10.2, list/map TEST2
000366: *Mar 5 22:26:45.424 SA: NAT: translation failed (A), dropping packet s=192.168.10.2 d=196.4.160.2
000367: *Mar 5 22:26:46.200 SA: NAT: map match TEST2
000368: *Mar 5 22:26:46.204 SA: NAT: address not stolen for 192.168.10.2, proto 17 port 1041
000369: *Mar 5 22:26:46.204 SA: NAT: failed to allocate address for 192.168.10.2, list/map TEST2
000370: *Mar 5 22:26:46.204 SA: NAT: translation failed (A), dropping packet s=192.168.10.2 d=209.212.97.1

1 Reply 1

a-vazquez
Level 6

NAT overloading is a feature of Cisco IOS NAT and can be used to translate internal (inside local) private addresses to one or more outside (inside global; usually registered) IP addresses. Unique source port numbers on each translation are used to distinguish between the conversations.

With NAT overload, a translation table entry containing full address and source port information is created.

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093fca.shtml
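
The translation-table behaviour described in this reply, modelled for the two pools in the question. This is an added example, not part of the original thread and not Cisco's implementation. It assumes a simplified port-selection rule, and 203.0.113.40/.41 and 198.51.100.0/27 are constructed stand-ins for the masked public addresses and the internal network.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class OverloadPool:
    """One public address shared by many inside hosts (PAT), simplified."""
    name: str
    inside_net: ipaddress.IPv4Network   # stands in for the ACL a route-map matches
    global_ip: str                      # the single address in the pool
    next_port: int = 1024               # where to look when a port is already taken
    table: dict = field(default_factory=dict)  # (proto, ip, port) -> global port
    used: set = field(default_factory=set)     # (proto, global port) already in use

    def translate(self, proto, src_ip, src_port):
        key = (proto, src_ip, src_port)
        if key in self.table:                  # known conversation: reuse its entry
            return self.global_ip, self.table[key]
        port = src_port                        # keep the original port if it is free
        while (proto, port) in self.used:      # otherwise take the next unused one
            if self.next_port > 65535:
                raise RuntimeError(f"{self.name}: no free ports left")
            port, self.next_port = self.next_port, self.next_port + 1
        self.used.add((proto, port))
        self.table[key] = port
        return self.global_ip, port

def nat_outbound(pools, no_nat_dst, proto, src_ip, src_port, dst_ip):
    """Return the (address, port) a packet carries after the inside-to-outside step."""
    if any(ipaddress.ip_address(dst_ip) in net for net in no_nat_dst):
        return src_ip, src_port                # internal destination: left untranslated
    for pool in pools:
        if ipaddress.ip_address(src_ip) in pool.inside_net:
            return pool.translate(proto, src_ip, src_port)
    return src_ip, src_port                    # no pool matches this source

def build_pools():
    # Constructed values: 203.0.113.40/.41 stand in for the masked x.x.x.40/.41.
    return [
        OverloadPool("TEST2", ipaddress.ip_network("192.168.10.0/24"), "203.0.113.40"),
        OverloadPool("TEST3", ipaddress.ip_network("192.168.11.0/24"), "203.0.113.41"),
    ]

NO_NAT_DST = [ipaddress.ip_network("198.51.100.0/27")]  # constructed internal range

if __name__ == "__main__":
    pools = build_pools()
    for src, port, dst in [("192.168.10.2", 1041, "209.212.97.1"),
                           ("192.168.10.3", 1041, "209.212.97.1"),
                           ("192.168.11.2", 1041, "209.212.97.1"),
                           ("192.168.10.2", 1041, "198.51.100.5")]:
        print(src, port, "->", nat_outbound(pools, NO_NAT_DST, "udp", src, port, dst))
```

Two hosts behind the same pool that both use source port 1041 end up on different global ports, which is how the return traffic is told apart.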