
Need help NATing Inside Global to Outside Global over Subinterface

Hey everyone,

I'm attempting to NAT an inside global address to an outside global address over two subinterfaces. Currently, we are using an inside global HSRP address to hit our Cisco edge routers, so perhaps the single MAC over multiple inside globals is causing an issue; I'm not sure. Anyways, these are the two config variations I've attempted:

office-rtr-edge-01
ip nat inside source static [inside global] [outside global]
interface po3.999
ip nat inside

interface po3.997
ip nat outside

This is the show ip nat statistics:

office-rtr-edge-01#show ip nat stat
Total active translations: 1 (1 static, 0 dynamic; 1 extended)
Outside interfaces:
Port-channel3.997
Inside interfaces:
Port-channel3.999
Hits: 0 Misses: 0
Expired translations: 0
Dynamic mappings:
nat-limit statistics:
max entry: max allowed 0, used 0, missed 0
In-to-out drops: 0 Out-to-in drops: 0
Pool stats drop: 0 Mapping stats drop: 0
Port block alloc fail: 0
IP alias add fail: 0
Limit entry add fail: 0
Outside global interfaces count: 1

This is the second variant I attempted:

office-rtr-edge-01

ip nat inside source static [inside global] [outside global]
interface po3.999

int po3.997
ip nat outside
int po3.999
ip nat inside
ip access-list standard 1
10 permit [inside global]
ip nat inside source list 1 interface Port-channel3.999 overload

We also attempted without the overload command; however, that produced an input error.

This is the show output for the attempt at ACL NAT:
office-rtr-edge-01#show ip nat stat
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Outside interfaces:
Port-channel3.997
Inside interfaces:
Port-channel3.999
Hits: 0 Misses: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 interface Port-channel3.999 refcount 0
nat-limit statistics:
max entry: max allowed 0, used 0, missed 0
In-to-out drops: 0 Out-to-in drops: 0
Pool stats drop: 0 Mapping stats drop: 0
Port block alloc fail: 0
IP alias add fail: 0
Limit entry add fail: 0
Outside global interfaces count: 1

 

Does anyone have any ideas we can attempt? The main issue here is that the inside global, for some reason, isn't matching on the NAT logic of our ASR-1000x. We even went so far as to try a protocol/port-specific static NAT, but that was to no avail [ip nat inside source static tcp [inside global IP] [outside global IP] 443 extendable].

We can't put the router into debug mode as it's a production router. We could spin up a whole new router and try to see what's going on in debug mode, but any insight or tips would be greatly appreciated before going through that rigamarole!

 
