Buy or Renew
Buy or Renew
NOTICE: The community will be in READ-ONLY Sept. 6 – 9 to add Umbrella release notes and announcements. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
293
Views
0
Helpful
3
Replies

issue with combining overloading with static NAT for the same subnet on router 1921/K9

mkhataby1
Level 1
Level 1

‎07-03-2016 03:43 PM - edited ‎03-08-2019 06:28 AM

I configured NAT overload (PAT) on the outside interface(WAN ineterface) and static NAT on router 1921/K9, but i noticed that the PAT usually preferred. here is the config : 

interface GigabitEthernet0/0
ip address X.X.X.66 255.255.255.240
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto

ip nat inside source list 1 interface GigabitEthernet0/0 overload

ip nat inside source static Y.Y.9.140 X.X.X.71
i
i
access-list 1 permit Y.Y.0.0 0.0.255.255
!

the version of the IOS is 15.2(1)T3.

Labels:
0 Helpful
3 Replies 3

Francesco Molino
VIP Alumni
VIP Alumni

‎07-03-2016 08:41 PM

Hi 

Sorry I don't get your concern.

When you configure a one-to-one static nat, you will see it as permanent using the show ip nat translation.

Could you detail more your concern Please?

Thanks 

PS: Please don't forget to rate and mark as correct answer if this solved your issue 


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

mkhataby1
Level 1
Level 1
In response to Francesco Molino

‎07-04-2016 03:18 AM

Hi, 

 thanks for your response.

 As i said i configured :

 -NAT Overload : for all users using internet.

- Static NAT : for the IMSVA Server (emails).

when i did the debug and the show ip nat translations, i see that the nat work properly :

Router-INTERNET1#sh ip nat translations | i Y.Y.9.140

tcp X.X.X.71:25      Y.Y.9.140:25        54.240.10.161:33383   54.240.10.161:33383

tcp X.X.X.71:25      Y.Y.9.140:25        148.251.215.26:55904  148.251.215.26:55904

Router-INTERNET1# Debug ip nat 

Jun 29 16:20:35.763: NAT*: s=64.20.227.134, d=X.X.X.71->Y.Y.9.140 [7816]

Jun 29 16:20:35.763: NAT*: s=Y.Y.9.140->X.X.X.71, d=64.20.227.134 [53795]

The IMSVA Server must use the Static NAT but when i analyze the header of the email i found the NAT Oveload not static.

best regards

0 Helpful

Francesco Molino
VIP Alumni
VIP Alumni
In response to mkhataby1

‎07-04-2016 06:51 AM

Hi

I missing something. When you're doing a nat one-to-one, the IP header will be the static nat IP you've configured. your IMSVA Trend Micro has the IP y.y.9.140 right?

I would like to have 2 outputs if you don't mind:

1. On the ACL of dynamic NAT, Could you add a 1st line to deny the traffic from that machine to any. And check again your header.

2. Could you provide a wireshark trace to show me which header do you have?

On your traces, everything show correct natting.

Thanks

PS: Please don't forget to rate and mark as correct answer if this answered your question


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card