10-13-2020 11:33 PM
Hi friends,
I am migrating config from 2951 to 4351....and NAT command shows strange output...looking for description on cisco.com shows nothing
Could somebody help to sort this out?
Cannot change mapping's source type, or the mapping already exists; remove mapping first to make change.
2951 all records existsx, but 4351 does not accept it...
BORDER-ISR4351(config)#ip nat inside source static tcp 192.168.57.11 25 217.28.210.253 25 route-map TELENET extendable BORDER-ISR4351(config)#ip nat inside source static tcp 192.168.57.3 80 217.28.210.253 80 route-map TELENET extendable BORDER-ISR4351(config)#ip nat inside source static tcp 192.168.57.3 443 217.28.210.253 443 route-map TELENET extendable BORDER-ISR4351(config)#ip nat inside source static tcp 192.168.57.11 587 217.28.210.253 587 route-map TELENET extendable BORDER-ISR4351(config)#ip nat inside source static tcp 192.168.60.3 22 217.29.49.100 22 extendable BORDER-ISR4351(config)#ip nat inside source static 192.168.1.100 217.29.49.105 extendable BORDER-ISR4351(config)#ip nat inside source static 192.168.60.21 217.29.49.106 extendable BORDER-ISR4351(config)#ip nat pool WAN252 217.28.210.252 217.28.210.252 netmask 255.255.255.224 BORDER-ISR4351(config)#ip nat pool WAN233 217.28.210.233 217.28.210.233 netmask 255.255.255.224 BORDER-ISR4351(config)#ip nat inside source list Lan78 pool WAN233 overload BORDER-ISR4351(config)#ip nat inside source list NAT_LOCAL interface GigabitEthernet0/0/0.6 overload BORDER-ISR4351(config)#ip nat inside source route-map STARLINK interface GigabitEthernet0/0/0.16 overload Cannot change mapping's source type, or the mapping already exists; remove mapping first to make change. BORDER-ISR4351(config)#ip nat inside source route-map TELENET interface GigabitEthernet0/0/0.6 overload Cannot change mapping's source type, or the mapping already exists; remove mapping first to make change. BORDER-ISR4351(config)#ip nat inside source route-map WAN252 pool WAN252 overload
Solved! Go to Solution.
10-14-2020 07:14 AM
let do this in these sequence:-
first remove the ip nat inside outside from interface
second clear ip nat translation "make sure your translation dot contain any dynamic entry, sometimes you need to do clear several times"
third complete all config all,
finally config NAT inside and outside we remove in first step.
Do these step and see result
10-14-2020 12:52 AM
Hello,
what is the content of your route maps ? Post the running configuration of your 4351.
10-14-2020 01:09 AM
Hello
Your nat configuration does seems rather convoluted but by the looks of it, It appears you are applying static mappings for route-map TELENET and then trying to apply a dynamic mapping for the same route-map.
If those NAT statements related to different route-maps names, then the router may well except it.
10-14-2020 03:00 AM
I think the issue is with extendable, you use same mapped IP in different ip nat with extendable,
as I know this is normal but for ISR 4321 i will check bug.
10-14-2020 03:20 AM
ip nat translation timeout 300 ip nat translation tcp-timeout 300 ip nat translation udp-timeout 45 ip nat translation dns-timeout 3 ip nat translation icmp-timeout 5 ip nat translation max-entries 30000 ip nat translation max-entries all-host 800 ip nat pool WAN252 217.28.210.252 217.28.210.252 netmask 255.255.255.224 ip nat pool WAN233 217.28.210.233 217.28.210.233 netmask 255.255.255.224 ip nat inside source list Lan78 pool WAN233 overload ip nat inside source list NAT_LOCAL interface GigabitEthernet0/0.6 overload ip nat inside source route-map STARLINK interface GigabitEthernet0/0.16 overload ip nat inside source route-map TELENET interface GigabitEthernet0/0.6 overload ip nat inside source route-map WAN252 pool WAN252 overload ip nat inside source static 172.16.8.11 77.50.63.243 route-map STARLINK extendable ip nat inside source static tcp 192.168.1.114 2222 217.28.210.231 2222 route-map TELENET extendable ip nat inside source static tcp 192.168.1.114 443 217.28.210.231 10443 route-map TELENET extendable ip nat inside source static 192.168.78.30 217.28.210.233 route-map TELENET extendable ip nat inside source static 192.168.2.181 217.28.210.234 ip nat inside source static tcp 192.168.60.32 3389 217.28.210.237 443 route-map TELENET extendable ip nat inside source static tcp 192.168.60.32 1433 217.28.210.237 1433 route-map TELENET extendable ip nat inside source static tcp 192.168.60.32 3389 217.28.210.237 33989 route-map TELENET extendable ip nat inside source static tcp 192.168.60.33 3389 217.28.210.237 33990 route-map TELENET extendable ip nat inside source static tcp 172.16.8.12 80 217.28.210.242 80 route-map TELENET extendable ip nat inside source static tcp 172.16.8.12 443 217.28.210.242 443 route-map TELENET extendable ip nat inside source static tcp 172.16.8.13 443 217.28.210.243 443 route-map TELENET extendable ip nat inside source static tcp 192.168.1.80 443 217.28.210.250 443 extendable ip nat inside source static tcp 192.168.1.113 80 217.28.210.251 80 route-map TELENET extendable ip nat inside source static tcp 192.168.1.113 443 217.28.210.251 443 route-map TELENET extendable ip nat inside source static tcp 172.16.8.239 25 217.28.210.252 25 extendable ip nat inside source static tcp 192.168.57.11 80 217.28.210.252 80 route-map TELENET extendable ip nat inside source static tcp 192.168.57.11 443 217.28.210.252 443 route-map TELENET extendable ip nat inside source static tcp 192.168.57.11 587 217.28.210.252 587 route-map TELENET extendable ip nat inside source static tcp 192.168.57.11 993 217.28.210.252 993 route-map TELENET extendable ip nat inside source static tcp 192.168.57.3 995 217.28.210.252 995 route-map TELENET extendable ip nat inside source static tcp 192.168.57.11 25 217.28.210.253 25 route-map TELENET extendable ip nat inside source static tcp 192.168.57.3 80 217.28.210.253 80 route-map TELENET extendable ip nat inside source static tcp 192.168.57.3 443 217.28.210.253 443 route-map TELENET extendable ip nat inside source static tcp 192.168.57.11 587 217.28.210.253 587 route-map TELENET extendable ip nat inside source static tcp 192.168.60.3 22 217.29.49.100 22 extendable ip nat inside source static 192.168.1.100 217.29.49.105 extendable ip nat inside source static 192.168.60.21 217.29.49.106 extendable ip route 0.0.0.0 0.0.0.0 217.28.210.33 track 101 ip route 0.0.0.0 0.0.0.0 77.50.63.241 track 102 ip route 8.8.4.4 255.255.255.255 77.50.63.241 ip route 8.8.8.8 255.255.255.255 217.28.210.33 ip route 10.7.0.0 255.255.255.0 192.168.100.2 ip route 10.8.0.0 255.255.255.0 192.168.100.2 ip route 77.50.0.4 255.255.255.255 77.50.63.241 ip route 77.50.1.4 255.255.255.255 77.50.63.241 ip route 172.16.10.15 255.255.255.255 172.16.50.1 ip route 172.16.10.20 255.255.255.255 172.16.50.1 ip route 172.16.10.25 255.255.255.255 172.16.50.1 ip route 192.168.0.0 255.255.255.240 192.168.100.2 ip route 192.168.9.2 255.255.255.255 192.168.100.2 ip route 192.168.26.4 255.255.255.252 192.168.26.9 ip route 192.168.39.0 255.255.255.252 192.168.100.2 ip route 192.168.55.0 255.255.255.0 192.168.100.2 ip route 192.168.57.0 255.255.255.0 192.168.55.2 ip route 192.168.57.0 255.255.255.0 192.168.100.2 ip route 192.168.88.0 255.255.255.0 192.168.0.45 ip route 192.168.89.0 255.255.255.0 192.168.0.45 ip route 192.168.123.0 255.255.255.0 192.168.85.18 ip route 192.168.128.0 255.255.240.0 192.168.100.2 ip route 192.168.232.0 255.255.255.0 192.168.100.2 ip route 192.168.233.0 255.255.255.0 192.168.100.2 ip route 217.28.208.8 255.255.255.255 217.28.210.33 ip route 217.28.210.10 255.255.255.255 217.28.210.33 ip route 217.28.213.224 255.255.255.224 217.29.49.110
route-map ROUTER permit 10 match ip address ROUTER1 set ip next-hop 217.28.210.33 ! route-map ROUTER permit 20 match ip address ROUTER2 set ip next-hop 77.50.63.241 ! route-map STARLINK permit 10 match ip address NAT match interface GigabitEthernet0/0.16 ! route-map TELENET permit 10 match ip address NAT match interface GigabitEthernet0/0.15 ! route-map HOP permit 10 match ip address LAN1 set ip next-hop verify-availability 217.28.210.33 10 track 101 set ip next-hop 77.50.63.241 ! route-map HOP permit 20 match ip address LAN2 set ip next-hop verify-availability 77.50.63.241 10 track 102 set ip next-hop 217.28.210.33 ! route-map HOP2 permit 10 match ip address LAN3 set ip next-hop 217.28.210.33 ! route-map WAN252 permit 10 match ip address NAT252 match interface GigabitEthernet0/0.15
This is config on isr2951. the same copy paste does not accepted by 4351....see above NAT error
10-14-2020 03:32 AM - edited 10-14-2020 03:33 AM
this is what i get when copy pasting, 4351 does not accept only NAT for subinterfaces....
BORDER-ISR4351#conf t Enter configuration commands, one per line. End with CNTL/Z. BORDER-ISR4351(config)#ip nat pool WAN252 217.28.210.252 217.28.210.252 netmask 255.255.255.224 BORDER-ISR4351(config)#ip nat pool WAN233 217.28.210.233 217.28.210.233 netmask 255.255.255.224 BORDER-ISR4351(config)#ip nat inside source list Lan78 pool WAN233 overload BORDER-ISR4351(config)#ip nat inside source list NAT_LOCAL interface GigabitEthernet0/0/0.6 overload Cannot change mapping's interface name, or the mapping already exists; remove mapping first to make change. BORDER-ISR4351(config)#ip nat inside source route-map STARLINK interface GigabitEthernet0/0/0.16 overload Cannot change mapping's source type, or the mapping already exists; remove mapping first to make change. BORDER-ISR4351(config)#ip nat inside source route-map TELENET interface GigabitEthernet0/0/0.6 overload Cannot change mapping's source type, or the mapping already exists; remove mapping first to make change. BORDER-ISR4351(config)#ip nat inside source route-map WAN252 pool WAN252 overload BORDER-ISR4351(config)#ip nat inside source static 172.16.8.11 77.50.63.243 route-map STARLINK extendable BORDER-ISR4351(config)#ip nat inside source static tcp 192.168.1.114 2222 217.28.210.231 2222 route-map TELENET extendable BORDER-ISR4351(config)#ip nat inside source static tcp 192.168.1.114 443 217.28.210.231 10443 route-map TELENET extendable BORDER-ISR4351(config)#ip nat inside source static 192.168.78.30 217.28.210.233 route-map TELENET extendable BORDER-ISR4351(config)#ip nat inside source static 192.168.2.181 217.28.210.234 %Static entry already exists BORDER-ISR4351(config)#ip nat inside source static tcp 192.168.60.32 3389 217.28.210.237 443 route-map TELENET extendable BORDER-ISR4351(config)#ip nat inside source static tcp 192.168.60.32 1433 217.28.210.237 1433 route-map TELENET extendable BORDER-ISR4351(config)#ip nat inside source static tcp 192.168.60.32 3389 217.28.210.237 33989 route-map TELENET extendable BORDER-ISR4351(config)#ip nat inside source static tcp 192.168.60.33 3389 217.28.210.237 33990 route-map TELENET extendable BORDER-ISR4351(config)#ip nat inside source static tcp 172.16.8.12 80 217.28.210.242 80 route-map TELENET extendable BORDER-ISR4351(config)#ip nat inside source static tcp 172.16.8.12 443 217.28.210.242 443 route-map TELENET extendable BORDER-ISR4351(config)#ip nat inside source static tcp 172.16.8.13 443 217.28.210.243 443 route-map TELENET extendable BORDER-ISR4351(config)#ip nat inside source static tcp 192.168.1.80 443 217.28.210.250 443 extendable BORDER-ISR4351(config)#ip nat inside source static tcp 192.168.1.113 80 217.28.210.251 80 route-map TELENET extendable BORDER-ISR4351(config)#ip nat inside source static tcp 192.168.1.113 443 217.28.210.251 443 route-map TELENET extendable BORDER-ISR4351(config)#ip nat inside source static tcp 172.16.8.239 25 217.28.210.252 25 extendable BORDER-ISR4351(config)#ip nat inside source static tcp 192.168.57.11 80 217.28.210.252 80 route-map TELENET extendable BORDER-ISR4351(config)#ip nat inside source static tcp 192.168.57.11 443 217.28.210.252 443 route-map TELENET extendable BORDER-ISR4351(config)#ip nat inside source static tcp 192.168.57.11 587 217.28.210.252 587 route-map TELENET extendable BORDER-ISR4351(config)#ip nat inside source static tcp 192.168.57.11 993 217.28.210.252 993 route-map TELENET extendable BORDER-ISR4351(config)#ip nat inside source static tcp 192.168.57.3 995 217.28.210.252 995 route-map TELENET extendable BORDER-ISR4351(config)#ip nat inside source static tcp 192.168.57.11 25 217.28.210.253 25 route-map TELENET extendable BORDER-ISR4351(config)#ip nat inside source static tcp 192.168.57.3 80 217.28.210.253 80 route-map TELENET extendable BORDER-ISR4351(config)#ip nat inside source static tcp 192.168.57.3 443 217.28.210.253 443 route-map TELENET extendable BORDER-ISR4351(config)#ip nat inside source static tcp 192.168.57.11 587 217.28.210.253 587 route-map TELENET extendable BORDER-ISR4351(config)#ip nat inside source static tcp 192.168.60.3 22 217.29.49.100 22 extendable BORDER-ISR4351(config)#ip nat inside source static 192.168.1.100 217.29.49.105 extendable BORDER-ISR4351(config)#ip nat inside source static 192.168.60.21 217.29.49.106 extendable BORDER-ISR4351(config)#
,
10-14-2020 03:44 AM
and here is OUTSIDE subinterfaces
nterface GigabitEthernet0/0/0 description Uplink to sw3-1-adm/41 no ip address no ip redirects no ip unreachables no ip proxy-arp ip route-cache policy negotiation auto ! interface GigabitEthernet0/0/0.6 encapsulation dot1Q 6 ip address 217.28.210.254 255.255.255.224 no ip redirects no ip unreachables no ip proxy-arp ip nat outside ip verify unicast reverse-path no cdp enable ip virtual-reassembly ! interface GigabitEthernet0/0/0.15 description TELENET encapsulation dot1Q 15 ip address 217.28.210.34 255.255.255.252 no ip redirects no ip unreachables no ip proxy-arp ip nat outside ip verify unicast reverse-path no cdp enable ip virtual-reassembly ! interface GigabitEthernet0/0/0.16 description STARLINK encapsulation dot1Q 16 ip address 77.50.63.254 255.255.255.240 no ip redirects no ip proxy-arp ip nat outside ip verify unicast reverse-path no cdp enable ip virtual-reassembly ! interface GigabitEthernet0/0/0.49 description TELENET2_NEW encapsulation dot1Q 49 ip address 217.29.49.97 255.255.255.240 no ip redirects no ip proxy-arp ip nat outside no cdp enable ip virtual-reassembly
10-14-2020 05:34 AM - edited 10-14-2020 05:37 AM
i've forgot to add route-maps in config. after i've added them...i got another error on to strings to be added
BORDER-ISR4351(config)#ip nat inside source route-map STARLINK interface GigabitEthernet0/0/0.16 overload Cannot change mapping's source type, or the mapping already exists; remove mapping first to make change. BORDER-ISR4351(config)#ip nat inside source route-map TELENET interface GigabitEthernet0/0/0.6 overload Cannot change mapping's source type, or the mapping already exists; remove mapping first to make change.
10-14-2020 07:14 AM
let do this in these sequence:-
first remove the ip nat inside outside from interface
second clear ip nat translation "make sure your translation dot contain any dynamic entry, sometimes you need to do clear several times"
third complete all config all,
finally config NAT inside and outside we remove in first step.
Do these step and see result
10-14-2020 10:29 AM
It worked! beer is on the way
10-14-2020 10:46 AM
I am appreciate all of you for advices!
10-14-2020 09:49 PM
Too late for my happiness
when i plugged in IPSs cable to G0/0/0, ISR4351 delete NAT statements. attached is ISR2951 config
i don't know what axactly ISR4351 doesn't like in it.
ip nat inside source route-map STARLINK interface GigabitEthernet0/0/0.16 overload ip nat inside source route-map TELENET interface GigabitEthernet0/0/0.6 overload
therefore there was no internet.
I have made again procedure like MHM Cisco World adviced but no luck. I think there route-map to NAT issue. But my skills not anough to sort it out
first remove the ip nat inside outside from interface second clear ip nat translation "make sure your translation dot contain any dynamic entry, sometimes you need to do clear several times" third complete all config all, finally config NAT inside and outside we remove in first step.
here is out put when i ahve tried to add NAT
BORDER-ISR4351(config-subif)# exi BORDER-ISR4351(config)#ip nat inside source static 172.16.8.11 77.50.63.243 route-map STARLINK extendable %Route map rt-map STARLINK is already used by a dynamic mapping and cannot be share with a static mapping BORDER-ISR4351(config)#ip nat inside source static tcp 192.168.1.114 2222 217.28.210.231 2222 route-map TELENET extendable %Route map rt-map TELENET is already used by a dynamic mapping and cannot be share with a static mapping BORDER-ISR4351(config)#ip nat inside source static tcp 192.168.1.114 443 217.28.210.231 10443 route-map TELENET extendable %Route map rt-map TELENET is already used by a dynamic mapping and cannot be share with a static mapping BORDER-ISR4351(config)#ip nat inside source static 192.168.78.30 217.28.210.233 route-map TELENET extendable %Route map rt-map TELENET is already used by a dynamic mapping and cannot be share with a static mapping BORDER-ISR4351(config)#ip nat inside source static 192.168.2.181 217.28.210.234 %Static entry already exists BORDER-ISR4351(config)#ip nat inside source static tcp 192.168.60.32 3389 217.28.210.237 443 route-map TELENET extendable %Route map rt-map TELENET is already used by a dynamic mapping and cannot be share with a static mapping BORDER-ISR4351(config)#ip nat inside source static tcp 192.168.60.32 1433 217.28.210.237 1433 route-map TELENET extendable %Route map rt-map TELENET is already used by a dynamic mapping and cannot be share with a static mapping BORDER-ISR4351(config)#ip nat inside source static tcp 192.168.60.32 3389 217.28.210.237 33989 route-map TELENET extendable %Route map rt-map TELENET is already used by a dynamic mapping and cannot be share with a static mapping BORDER-ISR4351(config)#ip nat inside source static tcp 192.168.60.33 3389 217.28.210.237 33990 route-map TELENET extendable %Route map rt-map TELENET is already used by a dynamic mapping and cannot be share with a static mapping BORDER-ISR4351(config)#ip nat inside source static tcp 172.16.8.12 80 217.28.210.242 80 route-map TELENET extendable %Route map rt-map TELENET is already used by a dynamic mapping and cannot be share with a static mapping BORDER-ISR4351(config)#ip nat inside source static tcp 172.16.8.12 443 217.28.210.242 443 route-map TELENET extendable %Route map rt-map TELENET is already used by a dynamic mapping and cannot be share with a static mapping BORDER-ISR4351(config)#ip nat inside source static tcp 172.16.8.13 443 217.28.210.243 443 route-map TELENET extendable %Route map rt-map TELENET is already used by a dynamic mapping and cannot be share with a static mapping BORDER-ISR4351(config)#ip nat inside source static tcp 192.168.1.80 443 217.28.210.250 443 extendable BORDER-ISR4351(config)#ip nat inside source static tcp 192.168.1.113 80 217.28.210.251 80 route-map TELENET extendable %Route map rt-map TELENET is already used by a dynamic mapping and cannot be share with a static mapping BORDER-ISR4351(config)#ip nat inside source static tcp 192.168.1.113 443 217.28.210.251 443 route-map TELENET extendable %Route map rt-map TELENET is already used by a dynamic mapping and cannot be share with a static mapping BORDER-ISR4351(config)#ip nat inside source static tcp 172.16.8.239 25 217.28.210.252 25 extendable BORDER-ISR4351(config)#ip nat inside source static tcp 192.168.57.11 80 217.28.210.252 80 route-map TELENET extendable %Route map rt-map TELENET is already used by a dynamic mapping and cannot be share with a static mapping BORDER-ISR4351(config)#ip nat inside source static tcp 192.168.57.11 443 217.28.210.252 443 route-map TELENET extendable %Route map rt-map TELENET is already used by a dynamic mapping and cannot be share with a static mapping BORDER-ISR4351(config)#ip nat inside source static tcp 192.168.57.11 587 217.28.210.252 587 route-map TELENET extendable %Route map rt-map TELENET is already used by a dynamic mapping and cannot be share with a static mapping BORDER-ISR4351(config)#ip nat inside source static tcp 192.168.57.11 993 217.28.210.252 993 route-map TELENET extendable %Route map rt-map TELENET is already used by a dynamic mapping and cannot be share with a static mapping BORDER-ISR4351(config)#ip nat inside source static tcp 192.168.57.3 995 217.28.210.252 995 route-map TELENET extendable %Route map rt-map TELENET is already used by a dynamic mapping and cannot be share with a static mapping BORDER-ISR4351(config)#ip nat inside source static tcp 192.168.57.11 25 217.28.210.253 25 route-map TELENET extendable %Route map rt-map TELENET is already used by a dynamic mapping and cannot be share with a static mapping BORDER-ISR4351(config)#ip nat inside source static tcp 192.168.57.3 80 217.28.210.253 80 route-map TELENET extendable %Route map rt-map TELENET is already used by a dynamic mapping and cannot be share with a static mapping BORDER-ISR4351(config)#ip nat inside source static tcp 192.168.57.3 443 217.28.210.253 443 route-map TELENET extendable %Route map rt-map TELENET is already used by a dynamic mapping and cannot be share with a static mapping BORDER-ISR4351(config)#ip nat inside source static tcp 192.168.57.11 587 217.28.210.253 587 route-map TELENET extendable %Route map rt-map TELENET is already used by a dynamic mapping and cannot be share with a static mapping BORDER-ISR4351(config)#ip nat inside source static tcp 192.168.60.3 22 217.29.49.100 22 extendable BORDER-ISR4351(config)#ip nat inside source static 192.168.1.100 217.29.49.105 extendable BORDER-ISR4351(config)#ip nat inside source static 192.168.60.21 217.29.49.106 extendable
ROUTES
Border#sh ip rou Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP a - application route + - replicated route, % - next hop override, p - overrides from PfR Gateway of last resort is 217.28.210.33 to network 0.0.0.0 S* 0.0.0.0/0 [1/0] via 217.28.210.33 [1/0] via 77.50.63.241 8.0.0.0/32 is subnetted, 2 subnets S 8.8.4.4 [1/0] via 77.50.63.241 S 8.8.8.8 [1/0] via 217.28.210.33 10.0.0.0/24 is subnetted, 4 subnets O 10.1.1.0 [110/2] via 192.168.100.2, 00:22:27, GigabitEthernet0/1.100 O 10.1.2.0 [110/2] via 192.168.100.2, 00:22:27, GigabitEthernet0/1.100 S 10.7.0.0 [1/0] via 192.168.100.2 S 10.8.0.0 [1/0] via 192.168.100.2 77.0.0.0/8 is variably subnetted, 5 subnets, 2 masks S 77.50.0.4/32 [1/0] via 77.50.63.241 S 77.50.1.4/32 [1/0] via 77.50.63.241 C 77.50.63.240/28 is directly connected, GigabitEthernet0/0.16 L 77.50.63.243/32 is directly connected, GigabitEthernet0/0.16 L 77.50.63.254/32 is directly connected, GigabitEthernet0/0.16 172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks C 172.16.8.0/24 is directly connected, GigabitEthernet0/1.8 L 172.16.8.1/32 is directly connected, GigabitEthernet0/1.8 C 172.16.17.0/24 is directly connected, GigabitEthernet0/1.17 L 172.16.17.1/32 is directly connected, GigabitEthernet0/1.17 192.168.0.0/24 is variably subnetted, 5 subnets, 3 masks S 192.168.0.0/28 [1/0] via 192.168.100.2 C 192.168.0.32/30 is directly connected, Tunnel0 L 192.168.0.34/32 is directly connected, Tunnel0 C 192.168.0.36/30 is directly connected, Tunnel1 L 192.168.0.38/32 is directly connected, Tunnel1 O 192.168.1.0/24 [110/2] via 192.168.100.2, 00:22:27, GigabitEthernet0/1.100 O 192.168.2.0/24 [110/2] via 192.168.100.2, 00:22:27, GigabitEthernet0/1.100 192.168.9.0/24 is variably subnetted, 2 subnets, 2 masks O 192.168.9.0/24 [110/2] via 192.168.100.2, 00:22:27, GigabitEthernet0/1.100 S 192.168.9.2/32 [1/0] via 192.168.100.2 O 192.168.13.0/24 [110/2] via 192.168.100.2, 00:22:27, GigabitEthernet0/1.100 O 192.168.14.0/24 [110/2] via 192.168.100.2, 00:22:27, GigabitEthernet0/1.100 O 192.168.23.0/24 [110/2] via 192.168.100.2, 00:22:27, GigabitEthernet0/1.100 O 192.168.24.0/24 [110/2] via 192.168.100.2, 00:22:27, GigabitEthernet0/1.100 O 192.168.25.0/24 [110/2] via 192.168.100.2, 00:22:27, GigabitEthernet0/1.100 192.168.26.0/30 is subnetted, 1 subnets O 192.168.26.0 [110/1501] via 192.168.0.37, 00:21:31, Tunnel1 O 192.168.27.0/24 [110/2] via 192.168.100.2, 00:22:27, GigabitEthernet0/1.100 192.168.39.0/30 is subnetted, 1 subnets S 192.168.39.0 [1/0] via 192.168.100.2 S 192.168.55.0/24 [1/0] via 192.168.100.2 S 192.168.57.0/24 [1/0] via 192.168.100.2 [1/0] via 192.168.55.2 O 192.168.58.0/24 [110/1010] via 192.168.85.14, 00:22:00, Tunnel10 O 192.168.60.0/24 [110/2] via 192.168.100.2, 00:22:27, GigabitEthernet0/1.100 O 192.168.61.0/24 [110/2] via 192.168.100.2, 00:22:27, GigabitEthernet0/1.100 O 192.168.65.0/24 [110/2] via 192.168.100.2, 00:22:27, GigabitEthernet0/1.100 O 192.168.75.0/24 [110/1501] via 192.168.0.37, 00:21:31, Tunnel1 192.168.78.0/25 is subnetted, 2 subnets O 192.168.78.0 [110/1501] via 192.168.0.37, 00:21:31, Tunnel1 O 192.168.78.128 [110/1501] via 192.168.0.37, 00:21:31, Tunnel1 O 192.168.79.0/24 [110/2] via 192.168.100.2, 00:22:27, GigabitEthernet0/1.100 192.168.83.0/26 is subnetted, 3 subnets O 192.168.83.0 [110/13] via 192.168.85.10, 00:21:50, Tunnel9 O 192.168.83.64 [110/13] via 192.168.85.10, 00:21:50, Tunnel9 O 192.168.83.192 [110/13] via 192.168.85.10, 00:21:50, Tunnel9 192.168.84.0/24 is variably subnetted, 3 subnets, 2 masks O 192.168.84.0/25 [110/20] via 192.168.85.6, 00:21:50, Tunnel8 O 192.168.84.128/25 [110/20] via 192.168.85.6, 00:21:50, Tunnel8 O 192.168.84.150/32 [110/2] via 192.168.100.2, 00:22:27, GigabitEthernet0/1.100 192.168.85.0/24 is variably subnetted, 12 subnets, 2 masks C 192.168.85.0/30 is directly connected, Tunnel3 L 192.168.85.1/32 is directly connected, Tunnel3 C 192.168.85.4/30 is directly connected, Tunnel8 L 192.168.85.5/32 is directly connected, Tunnel8 C 192.168.85.8/30 is directly connected, Tunnel9 L 192.168.85.9/32 is directly connected, Tunnel9 C 192.168.85.12/30 is directly connected, Tunnel10 L 192.168.85.13/32 is directly connected, Tunnel10 C 192.168.85.16/30 is directly connected, Tunnel11 L 192.168.85.17/32 is directly connected, Tunnel11 C 192.168.85.20/30 is directly connected, Tunnel12 L 192.168.85.22/32 is directly connected, Tunnel12 O 192.168.86.0/24 [110/20] via 192.168.85.2, 00:21:50, Tunnel3 O 192.168.97.0/24 [110/2] via 192.168.100.2, 00:22:27, GigabitEthernet0/1.100 192.168.100.0/24 is variably subnetted, 2 subnets, 2 masks C 192.168.100.0/24 is directly connected, GigabitEthernet0/1.100 L 192.168.100.3/32 is directly connected, GigabitEthernet0/1.100 O 192.168.120.0/24 [110/2] via 192.168.100.2, 00:22:27, GigabitEthernet0/1.100 O 192.168.121.0/24 [110/2] via 192.168.100.2, 00:22:27, GigabitEthernet0/1.100 O 192.168.122.0/24 [110/2] via 192.168.100.2, 00:22:27, GigabitEthernet0/1.100 S 192.168.123.0/24 [1/0] via 192.168.85.18 192.168.127.0/28 is subnetted, 1 subnets O 192.168.127.0 [110/2] via 192.168.100.2, 00:22:27, GigabitEthernet0/1.100 S 192.168.128.0/20 [1/0] via 192.168.100.2 O 192.168.176.0/24 [110/2] via 192.168.100.2, 00:22:27, GigabitEthernet0/1.100 O 192.168.177.0/24 [110/2] via 192.168.100.2, 00:22:27, GigabitEthernet0/1.100 O 192.168.178.0/24 [110/2] via 192.168.100.2, 00:22:27, GigabitEthernet0/1.100 O 192.168.179.0/24 [110/2] via 192.168.100.2, 00:22:27, GigabitEthernet0/1.100 O 192.168.200.0/24 [110/2] via 192.168.100.2, 00:22:27, GigabitEthernet0/1.100 O 192.168.220.0/24 [110/2] via 192.168.100.2, 00:22:27, GigabitEthernet0/1.100 S 192.168.232.0/24 [1/0] via 192.168.100.2 S 192.168.233.0/24 [1/0] via 192.168.100.2 217.28.208.0/32 is subnetted, 1 subnets S 217.28.208.8 [1/0] via 217.28.210.33 217.28.210.0/24 is variably subnetted, 15 subnets, 3 masks S 217.28.210.10/32 [1/0] via 217.28.210.33 C 217.28.210.32/30 is directly connected, GigabitEthernet0/0.15 L 217.28.210.34/32 is directly connected, GigabitEthernet0/0.15 C 217.28.210.224/27 is directly connected, GigabitEthernet0/0.6 L 217.28.210.231/32 is directly connected, GigabitEthernet0/0.6 L 217.28.210.233/32 is directly connected, GigabitEthernet0/0.6 L 217.28.210.234/32 is directly connected, GigabitEthernet0/0.6 L 217.28.210.237/32 is directly connected, GigabitEthernet0/0.6 L 217.28.210.242/32 is directly connected, GigabitEthernet0/0.6 L 217.28.210.243/32 is directly connected, GigabitEthernet0/0.6 L 217.28.210.250/32 is directly connected, GigabitEthernet0/0.6 L 217.28.210.251/32 is directly connected, GigabitEthernet0/0.6 L 217.28.210.252/32 is directly connected, GigabitEthernet0/0.6 L 217.28.210.253/32 is directly connected, GigabitEthernet0/0.6 L 217.28.210.254/32 is directly connected, GigabitEthernet0/0.6 217.28.213.0/27 is subnetted, 1 subnets S 217.28.213.224 [1/0] via 217.29.49.110 217.29.49.0/24 is variably subnetted, 5 subnets, 2 masks C 217.29.49.96/28 is directly connected, GigabitEthernet0/0.49 L 217.29.49.97/32 is directly connected, GigabitEthernet0/0.49 L 217.29.49.100/32 is directly connected, GigabitEthernet0/0.49 L 217.29.49.105/32 is directly connected, GigabitEthernet0/0.49 L 217.29.49.106/32 is directly connected, GigabitEthernet0/0.49 Border#
10-18-2020 08:57 AM
i have created 2 route-maps, with same logic, but different names to avoid error. So there will be TELENET-D to dynamic nat and TELENET-S to static. Tomorrow i will check while connecting cables to 4351.
%Route map rt-map TELENET is already used by a dynamic mapping and cannot be share with a static mappin
route-map TELENET-D permit 10 match ip address NAT match interface GigabitEthernet0/0/0.15 ! route-map TELENET-S permit 10 match ip address NAT match interface GigabitEthernet0/0/0.15 ! route-map HOP permit 10 match ip address LAN1 set ip next-hop verify-availability 217.28.210.33 10 track 101 set ip next-hop 77.50.63.241 ! route-map HOP permit 20 match ip address LAN2 set ip next-hop verify-availability 77.50.63.241 10 track 102 set ip next-hop 217.28.210.33 ! route-map HOP2 permit 10 match ip address LAN3 set ip next-hop 217.28.210.33 ! route-map STARLINK-S permit 10 match ip address NAT match interface GigabitEthernet0/0/0.16 ! route-map WAN252 permit 10 match ip address NAT252 match interface GigabitEthernet0/0/0.15 ! route-map STARLINK-D permit 10 match ip address NAT match interface GigabitEthernet0/0/0.16 ! ip nat pool WAN252 217.28.210.252 217.28.210.252 netmask 255.255.255.224 ip nat inside source static 172.16.8.11 77.50.63.243 route-map STARLINK-S extendable ip nat inside source static tcp 192.168.1.114 2222 217.28.210.231 2222 route-map TELENET-S extendable ip nat inside source static tcp 192.168.1.114 443 217.28.210.231 10443 route-map TELENET-S extendable ip nat inside source static 192.168.78.30 217.28.210.233 route-map TELENET-S extendable ip nat inside source static 192.168.2.181 217.28.210.234 ip nat inside source static tcp 192.168.60.32 3389 217.28.210.237 443 route-map TELENET-S extendable ip nat inside source static tcp 192.168.60.32 1433 217.28.210.237 1433 route-map TELENET-S extendable ip nat inside source static tcp 192.168.60.32 3389 217.28.210.237 33989 route-map TELENET-S extendable ip nat inside source static tcp 192.168.60.33 3389 217.28.210.237 33990 route-map TELENET-S extendable ip nat inside source static tcp 172.16.8.12 80 217.28.210.242 80 route-map TELENET-S extendable ip nat inside source static tcp 172.16.8.12 443 217.28.210.242 443 route-map TELENET-S extendable ip nat inside source static tcp 172.16.8.13 443 217.28.210.243 443 route-map TELENET-S extendable ip nat inside source static tcp 192.168.1.80 443 217.28.210.250 443 extendable ip nat inside source static tcp 192.168.1.113 80 217.28.210.251 80 route-map TELENET-S extendable ip nat inside source static tcp 192.168.1.113 443 217.28.210.251 443 route-map TELENET-S extendable ip nat inside source static tcp 172.16.8.239 25 217.28.210.252 25 extendable ip nat inside source static tcp 192.168.57.11 80 217.28.210.252 80 route-map TELENET-S extendable ip nat inside source static tcp 192.168.57.11 443 217.28.210.252 443 route-map TELENET-S extendable ip nat inside source static tcp 192.168.57.11 587 217.28.210.252 587 route-map TELENET-S extendable ip nat inside source static tcp 192.168.57.11 993 217.28.210.252 993 route-map TELENET-S extendable ip nat inside source static tcp 192.168.57.3 995 217.28.210.252 995 route-map TELENET-S extendable ip nat inside source static tcp 192.168.57.11 25 217.28.210.253 25 route-map TELENET-S extendable ip nat inside source static tcp 192.168.57.3 80 217.28.210.253 80 route-map TELENET-S extendable ip nat inside source static tcp 192.168.57.3 443 217.28.210.253 443 route-map TELENET-S extendable ip nat inside source static tcp 192.168.57.11 587 217.28.210.253 587 route-map TELENET-S extendable ip nat inside source static tcp 192.168.60.3 22 217.29.49.100 22 extendable ip nat inside source static 192.168.1.100 217.29.49.105 extendable ip nat inside source static 192.168.60.21 217.29.49.106 extendable ip nat inside source route-map STARLINK-D interface GigabitEthernet0/0/0.16 overload ip nat inside source route-map TELENET-D interface GigabitEthernet0/0/0.6 overload ip nat inside source route-map WAN252 pool WAN252 overload ip nat inside source list NAT_LOCAL interface GigabitEthernet0/0/0.6 overload
10-18-2020 10:33 PM
does not working..... O_o
BORDER-ISR4351# 000100: Oct 19 06:43:10 MSK: IP: s=217.28.210.232 (GigabitEthernet0/0/0.6), d=255.255.255.255, len 68, policy match 000101: Oct 19 06:43:10 MSK: IP: route map HOP2, item 10, permit 000102: Oct 19 06:43:10 MSK: IP: s=217.28.210.232 (GigabitEthernet0/0/0.6), d=255.255.255.255 (GigabitEthernet0/0/0.15), len 68, policy routed 000103: Oct 19 06:43:10 MSK: IP: GigabitEthernet0/0/0.6 to GigabitEthernet0/0/0.15 217.28.210.33 BORDER-ISR4351# 000104: Oct 19 06:43:16 MSK: IP: s=217.28.210.229 (GigabitEthernet0/0/0.6), d=255.255.255.255, len 85, policy match 000105: Oct 19 06:43:16 MSK: IP: route map HOP2, item 10, permit 000106: Oct 19 06:43:16 MSK: IP: s=217.28.210.229 (GigabitEthernet0/0/0.6), d=255.255.255.255 (GigabitEthernet0/0/0.15), len 85, policy routed 000107: Oct 19 06:43:16 MSK: IP: GigabitEthernet0/0/0.6 to GigabitEthernet0/0/0.15 217.28.210.33 BORDER-ISR4351# 000108: Oct 19 06:43:21 MSK: IP: s=0.0.0.0 (GigabitEthernet0/0/0.6), d=255.255.255.255 (nil), len 328, policy rejected -- normal forwarding BORDER-ISR4351# 000109: Oct 19 06:43:25 MSK: IP: s=0.0.0.0 (GigabitEthernet0/0/0.6), d=255.255.255.255 (nil), len 328, policy rejected -- normal forwarding BORDER-ISR4351# 000110: Oct 19 06:43:33 MSK: IP: s=0.0.0.0 (GigabitEthernet0/0/0.6), d=255.255.255.255 (nil), len 328, policy rejected -- normal forwarding BORDER-ISR4351# 000111: Oct 19 06:43:44 MSK: IP: s=217.28.210.232 (GigabitEthernet0/0/0.6), d=255.255.255.255, len 68, policy match 000112: Oct 19 06:43:44 MSK: IP: route map HOP2, item 10, permit 000113: Oct 19 06:43:44 MSK: IP: s=217.28.210.232 (GigabitEthernet0/0/0.6), d=255.255.255.255 (GigabitEthernet0/0/0.15), len 68, policy routed 000114: Oct 19 06:43:44 MSK: IP: GigabitEthernet0/0/0.6 to GigabitEthernet0/0/0.15 217.28.210.33 BORDER-ISR4351# 000115: Oct 19 06:43:49 MSK: IP: s=0.0.0.0 (GigabitEthernet0/0/0.6), d=255.255.255.255 (nil), len 328, policy rejected -- normal forwarding BORDER-ISR4351# 000116: Oct 19 06:44:19 MSK: IP: s=217.28.210.232 (GigabitEthernet0/0/0.6), d=255.255.255.255, len 68, policy match 000117: Oct 19 06:44:19 MSK: IP: route map HOP2, item 10, permit 000118: Oct 19 06:44:19 MSK: IP: s=217.28.210.232 (GigabitEthernet0/0/0.6), d=255.255.255.255 (GigabitEthernet0/0/0.15), len 68, policy routed 000119: Oct 19 06:44:19 MSK: IP: GigabitEthernet0/0/0.6 to GigabitEthernet0/0/0.15 217.28.210.33 BORDER-ISR4351# 000120: Oct 19 06:44:38 MSK: IP: s=217.28.210.229 (GigabitEthernet0/0/0.6), d=217.28.210.255, len 86, policy match 000121: Oct 19 06:44:38 MSK: IP: route map HOP2, item 10, permit 000122: Oct 19 06:44:38 MSK: IP: s=217.28.210.229 (GigabitEthernet0/0/0.6), d=217.28.210.255 (GigabitEthernet0/0/0.15), len 86, policy routed 000123: Oct 19 06:44:38 MSK: IP: GigabitEthernet0/0/0.6 to GigabitEthernet0/0/0.15 217.28.210.33 BORDER-ISR4351# 000124: Oct 19 06:44:54 MSK: IP: s=217.28.210.232 (GigabitEthernet0/0/0.6), d=255.255.255.255, len 68, policy match 000125: Oct 19 06:44:54 MSK: IP: route map HOP2, item 10, permit 000126: Oct 19 06:44:54 MSK: IP: s=217.28.210.232 (GigabitEthernet0/0/0.6), d=255.255.255.255 (GigabitEthernet0/0/0.15), len 68, policy routed 000127: Oct 19 06:44:54 MSK: IP: GigabitEthernet0/0/0.6 to GigabitEthernet0/0/0.15 217.28.210.33[/code]
I don't know why...
when I plugging in ISP cables to new border 4351 I cannot ping second ISP 77.50.63.241
i will raise a ticket with them...maybe they are bloking new MAC or something else.
attached is config s 2951 and 4351. what could cause a ploblem...my skills cannot answer
10-18-2020 10:34 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide