cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4433
Views
0
Helpful
5
Replies

Cisco 891 IOS NAT problem

ercanelibol
Level 1
Level 1

Hi,

I am having problem with a simple NAT configuration, and not able to figure out. I can not connect to the Internet. I am not able to find enough information about NAT-NVI: translation failed (A) error.

thanks

here is the config

interface FastEthernet8
ip address 11.27.19.25 255.255.254.0
ip nat outside
ip nat enable
ip virtual-reassembly
duplex auto
speed auto
!
interface GigabitEthernet0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip nat enable
ip virtual-reassembly
duplex auto
speed auto
!
ip route 0.0.0.0 0.0.0.0 11.27.19.24
ip route 192.168.1.0 255.255.255.0 GigabitEthernet0
!
!
ip nat inside source route-map NAT interface FastEthernet8 overload
!
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
!
!
!
!        
route-map NAT permit 10
match ip address 100
!

and here is the debug:

May 21 20:54:05.578: NAT-NVI: translation failed (A), dropping packet s=11.27.19.25 d=11.27.100.1
*May 21 20:54:05.578: NAT: s=192.168.1.1->11.27.100.1, d=11.27.19.25 [50914]
*May 21 20:54:06.590: NAT: s=192.168.1.2->11.27.19.25, d=11.27.100.1 [629]
*May 21 20:54:06.594: NAT: UDP s=54054->1056, d=53
*May 21 20:54:06.594: NAT: UDP s=53, d=1056->54054
*May 21 20:54:07.606: NAT: s=192.168.1.2->11.27.19.25, d=11.27.100.1 [630]
*May 21 20:54:07.606: NAT: UDP s=54054->1056, d=53
*May 21 20:54:07.610: NAT: UDP s=53, d=1056->54054
*May 21 20:54:09.618: NAT: s=192.168.1.2->11.27.19.25, d=11.27.100.1 [631]
*May 21 20:54:09.618: NAT: UDP s=54054->1056, d=53
*May 21 20:54:09.622: NAT: UDP s=53, d=1056->54054
*May 21 20:54:13.626: NAT: s=192.168.1.2->11.27.19.25, d=11.27.100.1 [632]
*May 21 20:54:13.626: NAT: UDP s=54054->1056, d=53
*May 21 20:54:13.630: NAT: UDP s=53, d=1056->54054
*May 21 20:54:21.206: NAT: expiring 11.27.19.25 (11.27.19.25) udp 1044 (59513)
*May 21 20:54:22.230: NAT: expiring 11.27.19.25 (11.27.19.25) udp 1045 (63372)
*May 21 20:54:27.350: NAT: expiring 11.27.19.25 (11.27.19.25) udp 1046 (63623)
*May 21 20:54:30.422: NAT: expiring 11.27.19.25 (192.168.1.2) udp 58745 (58745)
*May 21 20:54:43.734: NAT: expiring 11.27.19.25 (11.27.19.25) udp 1047 (54640)
*May 21 20:54:45.270: NAT: expiring 11.27.19.25 (11.27.19.25) udp 1048 (52768)
*May 21 20:55:00.926: NAT: s=192.168.1.2->11.27.19.25, d=11.27.100.1 [633]
*May 21 20:55:00.930: NAT: UDP s=52856->1057, d=53
*May 21 20:55:00.930: NAT-NVI: translation failed (A), dropping packet s=11.27.19.25 d=11.27.100.1
*May 21 20:55:00.930: NAT: s=192.168.1.1->11.27.100.1, d=11.27.19.25 [50919]
*May 21 20:55:01.654: NAT: expiring 11.27.19.25 (192.168.1.2) udp 63972 (63972)
*May 21 20:55:01.938: NAT: s=192.168.1.2->11.27.19.25, d=11.27.100.1 [634]
*May 21 20:55:01.942: NAT: UDP s=52856->1057, d=53
*May 21 20:55:01.942: NAT: UDP s=53, d=1057->52856
*May 21 20:55:02.954: NAT: s=192.168.1.2->11.27.19.25, d=11.27.100.1 [635]
*May 21 20:55:02.954: NAT: UDP s=52856->1057, d=53
*May 21 20:55:02.958: NAT: UDP s=53, d=1057->52856
*May 21 20:55:04.966: NAT: s=192.168.1.2->11.27.19.25, d=11.27.100.1 [636]
*May 21 20:55:04.966: NAT: UDP s=52856->1057, d=53
*May 21 20:55:04.970: NAT: UDP s=53, d=1057->52856
*May 21 20:55:08.974: NAT: s=192.168.1.2->11.27.19.25, d=11.27.100.1 [637]
*May 21 20:55:08.974: NAT: UDP s=52856->1057, d=53
*May 21 20:55:08.978: NAT: UDP s=53, d=1057->52856
*May 21 20:55:13.942: NAT: expiring 11.27.19.25 (192.168.1.2) udp 54054 (54054)

2 Accepted Solutions

Accepted Solutions

Reza Sharifi
Hall of Fame
Hall of Fame

Hi Ercan,

Why do you have a static route to the connected interface?

ip route 192.168.1.0 255.255.255.0 GigabitEthernet0

Also can you change your current NAT statement to this and try testing again?

ip nat inside source list 100 interface FastEthernet8 overload

HTH

Reza

View solution in original post

Ganesh Hariharan
VIP Alumni
VIP Alumni

Hi,

I am having problem with a simple NAT configuration, and not able to figure out. I can not connect to the Internet. I am not able to find enough information about NAT-NVI: translation failed (A) error.

thanks

here is the config

interface FastEthernet8
ip address 11.27.19.25 255.255.254.0
ip nat outside
ip nat enable
ip virtual-reassembly
duplex auto
speed auto
!
interface GigabitEthernet0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip nat enable
ip virtual-reassembly
duplex auto
speed auto
!
ip route 0.0.0.0 0.0.0.0 11.27.19.24
ip route 192.168.1.0 255.255.255.0 GigabitEthernet0
!
!
ip nat inside source route-map NAT interface FastEthernet8 overload
!
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
!
!
!
!        
route-map NAT permit 10

Hi,

As Reza Pointed what is the need for 192.168.1.0 route towards the interface and as you have created a route map apply the route map on the interface Gigethernet 0 as per the below example.

Router(config)# interface Fast Ethernet 3/0

Router(config-if)#ip policy route-map reroute10traffic

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

View solution in original post

5 Replies 5

Reza Sharifi
Hall of Fame
Hall of Fame

Hi Ercan,

Why do you have a static route to the connected interface?

ip route 192.168.1.0 255.255.255.0 GigabitEthernet0

Also can you change your current NAT statement to this and try testing again?

ip nat inside source list 100 interface FastEthernet8 overload

HTH

Reza

Hi Reza,

having a static route to that network was not problem, it was the route-map settings in the config. it works fine now. NAT also works with ACL you put in your reply.

Thanks

Ercan

Ganesh Hariharan
VIP Alumni
VIP Alumni

Hi,

I am having problem with a simple NAT configuration, and not able to figure out. I can not connect to the Internet. I am not able to find enough information about NAT-NVI: translation failed (A) error.

thanks

here is the config

interface FastEthernet8
ip address 11.27.19.25 255.255.254.0
ip nat outside
ip nat enable
ip virtual-reassembly
duplex auto
speed auto
!
interface GigabitEthernet0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip nat enable
ip virtual-reassembly
duplex auto
speed auto
!
ip route 0.0.0.0 0.0.0.0 11.27.19.24
ip route 192.168.1.0 255.255.255.0 GigabitEthernet0
!
!
ip nat inside source route-map NAT interface FastEthernet8 overload
!
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
!
!
!
!        
route-map NAT permit 10

Hi,

As Reza Pointed what is the need for 192.168.1.0 route towards the interface and as you have created a route map apply the route map on the interface Gigethernet 0 as per the below example.

Router(config)# interface Fast Ethernet 3/0

Router(config-if)#ip policy route-map reroute10traffic

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

"Router(config-if)#ip policy route-map..." was the missing part...

thanks

That's Great !! Your problem has been solved

Ganesh.H

Ganesh Hariharan Iyer

Tata Consultancy Services

Mailto: ganeshh.iyer@tcs.com

Website: http://www.tcs.com