01-08-2015 04:17 PM - edited 03-07-2019 10:09 PM
Good morning,
I have to create a lot of NATs in order to navigate some machines. The issue is that I can't create an overload assigning the IP from the interface because I want to exit with a different IP.
So I am trying to create a pool with a unique public IP for each machine in order to navigate. However, the Cisco router displays this issue:
"*Jan 9 01:05:34.767: NAT: translation failed (A), dropping packet s=10.8.8.8 d=8.8.8.8.
*Jan 9 01:05:36.763: NAT: translation failed (A), dropping packet s=10.8.8.8 d=8.8.8.8."
I know that this scenario is different because the majority are an inside network that is assigned one pool of IPs. Thus I need your help.
The setting is:
1) Create ACL
show access-lists dynamic-source-nat
Extended IP access list dynamic-source-nat
10 permit ip host 10.8.8.8 host 8.8.8.8 log (15 matches)
2) Pool with unique IP
ip nat pool dynamic-source-nat 200.195.5.5 200.105.5.5 prefix-length 32
3) Create dynamic Source NAT
ip nat inside source list dynamic-source-nat pool dynamic-source-nat
Thanks in advance!
01-08-2015 09:02 PM
There's a typo in your NAT pool. Either you're translating to 200.195.5.5 or 200.105.5.5, but not both.
Also, even though you're only mapping a single source address in the ACL for now, I would still add an overload option to the end of your NAT statement, just for flexibility.
Let me know if either of those observations helps.
01-08-2015 11:58 PM
Sorry Jody, I wrote the pool wrong:
ip nat pool dynamic-source-nat 200.195.5.5 200.195.5.5 prefix-length 32
And the ACL is necessary because I have to add more IPs to permit inside with the pool IP.
Then, do you know this issue? Like the pool works fine.
"*Jan 9 01:05:34.767: NAT: translation failed (A), dropping packet s=10.8.8.8 d=8.8.8.8.
*Jan 9 01:05:36.763: NAT: translation failed (A), dropping packet s=10.8.8.8 d=8.8.8.8."
Best regards,
01-09-2015 04:19 AM
If you're going to add more sources to the ACL later, you'll definitely need to overload your NAT. Does the failure stop when you adjust the statement as follows?
ip nat inside source list dynamic-source-nat pool dynamic-source-nat overload
12-28-2020 06:57 PM
Remove the word LOG from the end of the ACL.
12-29-2020 02:34 AM - edited 12-29-2020 11:08 AM
Hello
@Alfredo Bosca Bataller wrote:
I am trying to create a pool with unique public IP to each machine in order to navigate. However cisco router
The setting is:
1) Create ACL
show access-lists dynamic-source-nat
Extended IP access list dynamic-source-nat
10 permit ip host 10.8.8.8 host 8.8.8.8 log (15 matches)
2) Pool with unique IP
ip nat pool dynamic-source-nat 200.195.5.5 200.105.5.5 prefix-length 32
3) Create dynamic Source NAT
ip nat inside source list dynamic-source-nat pool dynamic-source-nat
First of all, your NAT pool statement is incorrect (I assume it's just a typo in this post). Also, you have the "log" keyword appended to the NAT access-list, which isn't applicable when used with NAT.
ip nat pool dynamic-source-nat 200.195.5.5 200.105.5.5 prefix-length 32
Now, presently you are performing dynamic port address translation (PAT) (many LAN hosts to one public IP). So for each LAN host to obtain a unique public IP address through NAT, you'll require a large public address pool, which it seems you don't have, and you will need to extend your NAT access-list to incorporate a larger inside host range.
Example 1:
no dynamic-source-nat
ip access-list extended dynamic-source-nat
permit ip 10.8.8.0 0.0.0.255 any
ip nat pool dynamic-source-nat 200.195.5.5 200.195.5.105 prefix-length 24
ip nat inside source list dynamic-source-nat pool dynamic-source-nat
(append "overload" - use this ONLY if you wish to reuse the NAT pool once exhausted)
In Example 2, NAT will allocate each inside LAN address to a public IP address, matching on the host area of the IP address.
Example 2:
ip access-list extended dynamic-source-nat
permit ip host 10.8.8.5 any
permit ip host 10.8.8.6 any
permit ip host 10.8.8.7 any
etc..
ip nat pool dynamic-source-nat 200.195.5.5 200.195.5.10 prefix-length 24 type match-host
ip nat inside source list dynamic-source-nat pool dynamic-source-nat
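An added example, not from any poster in this thread or from Cisco: a small Python check that scans running-config text for the three problems the replies raise (a pool end address that does not fit the start address and prefix, the "log" keyword on the NAT ACL, and more permitted sources than pool addresses without "overload"). The function name audit and the sample config are constructed here; the source count is a lower bound, because a subnet entry counts once.

```python
import ipaddress
import re

# Constructed sample: the configuration as first posted in the thread.
SAMPLE = """\
ip access-list extended dynamic-source-nat
 permit ip host 10.8.8.8 host 8.8.8.8 log
ip nat pool dynamic-source-nat 200.195.5.5 200.105.5.5 prefix-length 32
ip nat inside source list dynamic-source-nat pool dynamic-source-nat
"""

POOL = re.compile(r"^ip nat pool (\S+) (\S+) (\S+) prefix-length (\d+)", re.M)
RULE = re.compile(r"^ip nat inside source list (\S+) pool (\S+)( overload)?", re.M)
ACL = re.compile(r"^ip access-list extended (\S+)\n((?:[ \t]+.*\n?)*)", re.M)


def audit(config):
    """Return findings for the NAT issues raised in this thread (assumed checks)."""
    findings = []
    pools = {}  # pool name -> number of usable addresses (0 if the range is invalid)
    for name, start, end, plen in POOL.findall(config):
        lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
        net = ipaddress.ip_network(f"{start}/{plen}", strict=False)
        if hi < lo or hi not in net:
            findings.append(f"pool {name}: {end} is not a valid end for {start}/{plen}")
            pools[name] = 0
        else:
            pools[name] = int(hi) - int(lo) + 1
    # ACL entries in running-config form (indented, no sequence numbers).
    acls = {n: [l.strip() for l in body.splitlines() if l.strip()]
            for n, body in ACL.findall(config)}
    for acl, pool, overload in RULE.findall(config):
        entries = acls.get(acl, [])
        for entry in entries:
            if entry.split()[-1] == "log":
                findings.append(f"acl {acl}: 'log' keyword on NAT ACL entry: {entry}")
        # Each permit line is at least one inside source (lower bound).
        permits = [e for e in entries if e.startswith("permit")]
        if not overload and len(permits) > pools.get(pool, 0) > 0:
            findings.append(f"rule {acl}->{pool}: {len(permits)} sources, "
                            f"{pools[pool]} pool address(es), no overload")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```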