12-15-2009 06:12 AM - edited 03-06-2019 08:57 AM
Hi there.
I`ve made NAT translation
interface Vlan2
ip address 192.168.2.254 255.255.255.0
ip helper-address 192.168.1.1
ip nat inside
!
interface Vlan3
ip address 192.168.3.254 255.255.255.0
ip helper-address 192.168.1.1
ip nat inside
!
interface Vlan4
ip address 192.168.4.254 255.255.255.0
ip helper-address 192.168.1.1
ip nat inside
!
interface Vlan5
ip address 192.168.5.254 255.255.255.0
ip helper-address 192.168.1.1
ip nat inside
!
interface Vlan6
ip address 192.168.6.254 255.255.255.0
ip helper-address 192.168.1.1
ip nat inside
!
interface Vlan7
ip address 192.168.7.254 255.255.255.0
ip helper-address 192.168.1.1
ip nat inside
!
interface Vlan8
ip address 192.168.8.254 255.255.255.0
ip helper-address 192.168.1.1
ip nat inside
!
interface Vlan9
ip address 192.168.9.254 255.255.255.0
ip helper-address 192.168.1.1
ip nat inside
!
interface Vlan10
ip address 10.110.115.2 255.255.255.0
ip nat outside
!
interface Vlan255
ip address 192.168.0.1 255.255.255.0
!
no ip nat service skinny tcp port 2000
no ip nat service H225
ip nat inside source list 1 interface Vlan10 overload
ip nat inside source static tcp 192.168.9.254 23 10.110.115.2 23 extendable no-alias
ip nat inside source static tcp 192.168.1.1 3389 10.110.115.2 3389 extendable no-alias
ip classless
ip route 0.0.0.0 0.0.0.0 10.110.115.1
!
no ip http server
!
access-list 1 permit 192.168.1.35
access-list 1 permit 192.168.1.1
access-list 1 permit 192.168.9.254
ICMP packets r forwarded correctly.
But when i try to access web:
3d20h: NAT: New Inside Entry: couldn't allocate port 1172 for 10.110.115.2 Protocol: 6
3d20h: NAT: translation failed (A), dropping packet s=192.168.1.1 d=93.158.134.8
I thought it is a bug in IOS so I upgraded from s72033-ipservices_wan-mz.122-18.SXF15.bin to s72033-ipservices_wan-mz.122-18.SXF17.bin
But still the same error.
Can some1 explain what I do wrong?
show run in attachment
12-15-2009 08:42 AM
Hi,
The error signifies a symbol (A) which means The "(A)" in the debug output means that translation failed after routing occurred.
Check out the below mentioned link hope this will help you out to solve your query
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080094e75.shtml
As per your configuration you are doing nat for access list which is having an ip address 192.168.1.1 but from where it is coming and in which interface it getting nat inside.
Regards
Ganesh.H
12-15-2009 11:33 PM
sry, my bad when quoting.
missed Vlan1 in output conf
interface Vlan1
ip address 192.168.1.254 255.255.255.0
ip helper-address 192.168.1.1
ip nat inside
But the problem is stil there.
If i remove
ip nat inside source static tcp 192.168.9.254 23 10.110.115.2 23 extendable
ip nat inside source static tcp 192.168.1.1 3389 10.110.115.2 3389 extendable
and leave only
ip nat inside source list 1 interface Vlan10 overload
Nat works quite fine.
But together overload doesnt work, while 23 and 3389 ports access is fully operational
I thought it is a bug CSCsj29841
but upgrade from s72033-ipservices_wan-mz.122-18.SXF15.bin to s72033-ipservices_wan-mz.122-18.SXF17.bin didnt help (
Guys, I am really in panic.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide