
Nat lab Question

aaron.cowell.au
Level 1

Sorry to bother again. I am setting up a lab and am having trouble getting NAT to work. The startup config files are below. When pinging 10.0.0.254 from router R6 I get the following debug information on the NAT router.

*Mar  1 18:58:04.851: NAT: translation failed (A), dropping packet s=192.168.0.254 d=10.0.0.254

*Mar  1 18:58:04.955: NAT: translation failed (A), dropping packet s=192.168.0.254 d=10.0.0.254

R5#

*Mar  1 18:58:06.987: NAT: translation failed (A), dropping packet s=192.168.0.254 d=10.0.0.254

*Mar  1 18:58:07.107: NAT: translation failed (A), dropping packet s=192.168.0.254 d=10.0.0.254

R5#

*Mar  1 18:58:09.055: NAT: translation failed (A), dropping packet s=192.168.0.254 d=10.0.0.254

=========================

!

!

upgrade fpd auto

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R4

!

boot-start-marker

boot-end-marker

!

logging message-counter syslog

!

no aaa new-model

ip source-route

ip cef

!

!

!

!

no ip domain lookup

no ipv6 cef

!

multilink bundle-name authenticated

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

memory-size iomem 0

archive

log config

hidekeys

!

!

!

!

!

!

!

!

!

interface FastEthernet0/0

no ip address

shutdown

duplex half

!

interface GigabitEthernet1/0

ip address 10.0.0.254 255.255.255.0

negotiation auto

!

router eigrp 10

network 10.0.0.0

auto-summary

!

router rip

network 10.0.0.0

neighbor 10.0.0.1

!

ip forward-protocol nd

no ip http server

no ip http secure-server

!

!

!

!

!

!

!

!

!

control-plane

!

!

!

mgcp fax t38 ecm

!

!

!

!

gatekeeper

shutdown

!

!

line con 0

exec-timeout 0 0

logging synchronous

stopbits 1

line aux 0

stopbits 1

line vty 0 4

login

!

end

=========================

!

!

upgrade fpd auto

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R5

!

boot-start-marker

boot-end-marker

!

logging message-counter syslog

!

no aaa new-model

ip source-route

ip cef

!

!

!

!

no ip domain lookup

no ipv6 cef

!

multilink bundle-name authenticated

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

memory-size iomem 0

archive

log config

hidekeys

!

!

!

!

!

!

!

!

!

interface FastEthernet0/0

no ip address

shutdown

duplex half

!

interface GigabitEthernet1/0

ip address 10.0.0.1 255.255.255.0

ip nat outside

ip virtual-reassembly

negotiation auto

!

interface Serial2/0

ip address 192.168.0.1 255.255.255.0

ip nat inside

ip virtual-reassembly

serial restart-delay 0

!

interface Serial2/1

no ip address

shutdown

serial restart-delay 0

!

interface Serial2/2

no ip address

shutdown

serial restart-delay 0

!

interface Serial2/3

no ip address

shutdown

serial restart-delay 0

!

interface Serial2/4

no ip address

shutdown

serial restart-delay 0

!

interface Serial2/5

no ip address

shutdown

serial restart-delay 0

!

interface Serial2/6

no ip address

shutdown

serial restart-delay 0

!

interface Serial2/7

no ip address

shutdown

serial restart-delay 0

!

router eigrp 10

network 10.0.0.0

network 192.168.0.0

auto-summary

!

router rip

network 10.0.0.0

network 192.168.0.0

neighbor 192.168.0.254

neighbor 10.0.0.254

!

ip forward-protocol nd

no ip http server

no ip http secure-server

!

!

ip nat pool tester1 10.0.0.1 10.0.0.1 netmask 255.255.255.0

ip nat inside source list 99 pool tester1

!

access-list 99 permit any

!

!

!

!

!

!

control-plane

!

!

!

mgcp fax t38 ecm

!

!

!

!

gatekeeper

shutdown

!

!

line con 0

exec-timeout 0 0

logging synchronous

stopbits 1

line aux 0

stopbits 1

line vty 0 4

login

!

end

=========================

!

!

upgrade fpd auto

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R6

!

boot-start-marker

boot-end-marker

!

logging message-counter syslog

!

no aaa new-model

ip source-route

ip cef

!

!

!

!

no ip domain lookup

no ipv6 cef

!

multilink bundle-name authenticated

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

memory-size iomem 0

archive

log config

hidekeys

!

!

!

!

!

!

!

!

!

interface FastEthernet0/0

no ip address

shutdown

duplex half

!

interface Serial1/0

ip address 192.168.0.254 255.255.255.0

serial restart-delay 0

!

interface Serial1/1

no ip address

shutdown

serial restart-delay 0

!

interface Serial1/2

no ip address

shutdown

serial restart-delay 0

!

interface Serial1/3

no ip address

shutdown

serial restart-delay 0

!

interface Serial1/4

no ip address

shutdown

serial restart-delay 0

!

interface Serial1/5

no ip address

shutdown

serial restart-delay 0

!

interface Serial1/6

no ip address

shutdown

serial restart-delay 0

!

interface Serial1/7

no ip address

shutdown

serial restart-delay 0

!

router eigrp 10

network 192.168.0.0

auto-summary

!

router rip

network 192.168.0.0

neighbor 192.168.0.1

!

ip forward-protocol nd

no ip http server

no ip http secure-server

!

!

!

!

!

!

!

!

!

control-plane

!

!

!

mgcp fax t38 ecm

!

!

!

!

gatekeeper

shutdown

!

!

line con 0

exec-timeout 0 0

logging synchronous

stopbits 1

line aux 0

stopbits 1

line vty 0 4

login

!

end

=========================

5 Replies

cadet alain
VIP Alumni

Hi,

can you try this:

ip nat inside source list 99 pool tester1 overload

no access-list 99

access-list 99 permit 192.168.0.0 0.0.0.255

Regards.

Alain

Don't forget to rate helpful posts.

Did nothing, same result.

Hello,

You may focus on the routing. You should use "no auto-summary" on all RIP routers as well. You may need to specify which networks have to be advertised for each routing protocol. You may also need to do redistribution.

HTH

Toshi

Sent from Cisco Technical Support iPhone App

aaron.cowell.au
Level 1

Ok found solution as below:

ip nat pool tester1 10.0.0.1 10.0.0.2 netmask 255.255.255.0

But what do I do if I only want one IP address as the NAT translation? Because I thought this would be two: 10.0.0.0.1 and 10.0.0.2.

Also I can ping into the natted address, so I can ping 10.0.0.254 from 192.168.0.254 and the reverse. I thought that with NAT the inside addresses were not accessible from the outside interface? Does this make sense? How do I create this behaviour?

What I want to achieve is I will have a public IP address from my ISP and want to NAT it to a private network. I do not want outside public IP address being able to ping the internal IP address.

-----

!

!

upgrade fpd auto

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R5

!

boot-start-marker

boot-end-marker

!

logging message-counter syslog

!

no aaa new-model

ip source-route

ip cef

!

!

!

!

no ip domain lookup

no ipv6 cef

!

multilink bundle-name authenticated

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

memory-size iomem 0

archive

log config

hidekeys

!

!

!

!

!

!

!

!

!

interface FastEthernet0/0

no ip address

shutdown

duplex half

!

interface GigabitEthernet1/0

ip address 10.0.0.1 255.255.255.0

ip nat outside

ip virtual-reassembly

negotiation auto

!

interface Serial2/0

ip address 192.168.0.1 255.255.255.0

ip nat inside

ip virtual-reassembly

serial restart-delay 0

!

interface Serial2/1

no ip address

shutdown

serial restart-delay 0

!

interface Serial2/2

no ip address

shutdown

serial restart-delay 0

!

interface Serial2/3

no ip address

shutdown

serial restart-delay 0

!

interface Serial2/4

no ip address

shutdown

serial restart-delay 0

!

interface Serial2/5

no ip address

shutdown

serial restart-delay 0

!

interface Serial2/6

no ip address

shutdown

serial restart-delay 0

!

interface Serial2/7

no ip address

shutdown

serial restart-delay 0

!

router eigrp 10

network 10.0.0.0

network 192.168.0.0

auto-summary

!

router rip

network 10.0.0.0

network 192.168.0.0

neighbor 10.0.0.254

neighbor 192.168.0.254

!

ip forward-protocol nd

no ip http server

no ip http secure-server

!

!

ip nat pool tester1 10.0.0.1 10.0.0.2 netmask 255.255.255.0

ip nat source list 99 pool tester overload

ip nat inside source list 99 pool tester1

!

access-list 99 permit 192.168.0.0 0.0.0.255

!

!

!

!

!

!

control-plane

!

!

!

mgcp fax t38 ecm

!

!

!

!

gatekeeper

shutdown

!

!

line con 0

exec-timeout 0 0

logging synchronous

stopbits 1

line aux 0

stopbits 1

line vty 0 4

login

!

end

-----

Hi,

do clear ip nat trans

no ip nat pool tester1 10.0.0.1 10.0.0.2 netmask 255.255.255.0

no ip nat source list 99 pool tester overload

no ip nat inside source list 99 pool tester1

ip nat source list 99 interface gig1/0

Regards.

Alain

Don't forget to rate helpful posts.
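
An added example, not part of any post in this thread: a small Python check over the NAT-related lines of the R5 configs posted above. It flags a rule that names a pool that is never defined (`tester` versus `tester1`), a pool used without `overload`, a pool that contains one of the router's own interface addresses, and a `permit any` NAT access list. The helper name `audit_nat` and the wording of the findings are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: NAT-related lines from the second R5 config in the thread.
R5_NAT_LINES = """\
interface GigabitEthernet1/0
 ip address 10.0.0.1 255.255.255.0
 ip nat outside
interface Serial2/0
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
ip nat pool tester1 10.0.0.1 10.0.0.2 netmask 255.255.255.0
ip nat source list 99 pool tester overload
ip nat inside source list 99 pool tester1
access-list 99 permit 192.168.0.0 0.0.0.255
"""

POOL = re.compile(r"^ip nat pool (\S+) (\S+) (\S+) netmask")
RULE = re.compile(r"^ip nat (?:inside )?source list (\S+) pool (\S+)( overload)?")
ACL = re.compile(r"^access-list (\d+) permit (.+)")

def audit_nat(config):
    """Return findings for dynamic NAT rules in an IOS-style config (hypothetical helper)."""
    pools, acls, rules, iface_ips = {}, {}, [], []
    for line in (raw.strip() for raw in config.splitlines()):
        if m := POOL.match(line):
            pools[m[1]] = (ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3]))
        elif m := RULE.match(line):
            rules.append((line, m[1], m[2], m[3] is not None))
        elif m := ACL.match(line):
            acls.setdefault(m[1], []).append(m[2].strip())
        elif line.startswith("ip address "):
            iface_ips.append(ipaddress.ip_address(line.split()[2]))
    findings = []
    for line, acl, pool, overload in rules:
        if pool not in pools:  # rule names a pool that was never defined
            findings.append(f"undefined pool '{pool}' in: {line}")
            continue
        lo, hi = pools[pool]
        size = int(hi) - int(lo) + 1
        if not overload:  # without overload each inside host consumes one pool address
            findings.append(f"pool '{pool}': {size} address(es), no overload")
        if any(lo <= ip <= hi for ip in iface_ips):
            findings.append(f"pool '{pool}' contains a router interface address")
        if "any" in acls.get(acl, []):  # NAT ACL matches every source
            findings.append(f"access-list {acl} permits any source for translation")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_nat(R5_NAT_LINES)))
```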