NAT pool change not working

omz
VIP Alumni

Hi,

I want to change the NAT pool on a router, but post-change NAT/ping is not working. If I ping an IP through the NAT router, I can see the ICMP translation but get no replies with the new config (it works with the old config). debug ip nat outputs nothing.

 

Old working config - 

interface GigabitEthernet0/0/1.1
ip nat outside

interface GigabitEthernet0/0/0
ip nat inside

 

ip prefix-list ABC seq 60 permit 10.x.4.0/24

ip nat pool ABC 10.x.4.1 10.x.4.254 netmask 255.255.255.0

ip route 10.x.4.0 255.255.255.0 Null0 tag 100

 

New config - 

no ip prefix-list ABC seq 60 permit 10.x.4.0/24

ip prefix-list ABC seq 65 permit 10.x.4.0/22


no ip nat pool ABC 10.x.4.1 10.139.4.254 netmask 255.255.255.0
ip nat pool ABC 10.x.4.1 10.x.7.254 netmask 255.255.252.0


no ip route 10.x.4.0 255.255.255.0 Null0 tag 100
ip route 10.x.4.0 255.255.252.0 Null0 tag 100

 

Any ideas? Thanks

9 Replies

Hello,

 

What is the null route for? Post the full configuration of your router. Did you try to reload the router after changing the pool?

Unfortunately, full config is too large to sanitize and post. 

 

The null route is part of a prefix-list applied to the BGP neighbor route-map. I didn't reload the router after the change.

I reverted back to /24 from /22 and pings worked. 

 

neighbor x.x.x.x route-map XYZ out

 

route-map XYZ permit 10
match ip address prefix-list ABC

 

ip prefix-list ABC seq 30 permit 10.x.1.0/24
ip prefix-list ABC seq 40 permit 10.x.2.0/24
ip prefix-list ABC seq 50 permit 10.x.3.0/24
ip prefix-list ABC seq 60 permit 10.x.4.0/24

 

Thanks 

 

Topology and router config would be helpful, so I'll just be guessing. Your router is advertising the new subnet 10.x.4.0/22. Is the neighbor router getting it over BGP? It could be that the reverse router doesn't know the path back to your NAT router.

Try this on the NAT router after you apply the new config:

#clear ip bgp soft * out

Best regards,
Abzal

When we make a change to a BGP neighbor route-map, my experience is that clear ip bgp soft * out is not required.

Every time I make a change to the route-map or BGP config for a neighbor, the BGP table version is incremented.

But yes, I did clear ip bgp soft for the neighbor.

 

Hello

What's your reasoning for changing from a /24 to a /22 network? Do you have a /22 internal network to be translated?

When you say NAT stops translating, do you mean for the 10.0.4.0/24 users within the new specified range, or as a whole?


Can you elaborate on your issue?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hi Paul, 

The reason to change from /24 to /22 is to increase the pool size. There are times when the NAT pool is exhausted, as there are more internal users.

/24 works fine: I can ping a remote server through the NAT router and see the ICMP translation.

When I replace the /24 config with /22, I cannot ping the server, but I do see the ICMP translation.

If I revert back to /24 - pings work. 

 

I hope this makes sense. 

Hello

Can you post

sh run | in ip nat
sh ip route connected

sh ip int brief | in up



Kind Regards
Paul

sh run | in ip nat
ip nat inside
ip nat outside
ip nat translation timeout 7200
ip nat pool ABC 10.x.4.1 10.x.4.254 netmask 255.255.255.0
ip nat inside source list 10 pool ABC

 

Standard IP access list 10
10 permit 10.0.0.0, wildcard bits 0.255.255.255


Gateway of last resort is 10.255.253.253 to network 0.0.0.0

10.0.0.0/8 is variably subnetted, 1214 subnets, 12 masks
C 10.255.253.252/30 is directly connected, GigabitEthernet0/0/0
L 10.255.253.254/32 is directly connected, GigabitEthernet0/0/0
172.18.0.0/16 is variably subnetted, 4 subnets, 3 masks
C 172.18.9.0/29 is directly connected, GigabitEthernet0/0/1.1
L 172.18.9.3/32 is directly connected, GigabitEthernet0/0/1.1
C 172.16.12.3/32 is directly connected, Loopback10

 

sh ip int brief | in up
GigabitEthernet0/0/0 10.255.253.254 YES NVRAM up up
GigabitEthernet0/0/1 unassigned YES manual up up
Gi0/0/1.1 172.18.9.3 YES manual up up
Loopback10 172.16.12.3 YES NVRAM up up

Hello

Your inside local subnet doesn't fit into the IP range to be translated, and I don't see any other interface in this /22 IP range?
ip nat pool ABC 10.x.4.1 10.x.7.254 netmask 255.255.252.0
GigabitEthernet0/0/0 10.255.253.254 YES NVRAM up up
interface GigabitEthernet0/0/0

Also, as you don't seem to have any physically connected interface in the IP range of your specified static null route, it looks like it would be blackholing any traffic going to 10.x.4.0/22?

So, TBH, I'm not sure how this worked in the first place, unless you've not shared the correct detail?



Kind Regards
Paul
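As an added illustration (not code from this thread or from Cisco), the following Python script runs the consistency check the replies above are circling: for each NAT pool it confirms that the start and end addresses fall inside the subnet given by the netmask, that a Null0 static covers every pool address (the static is what anchors the pool prefix in the RIB), and that each covering static is permitted verbatim by the prefix-list, so the outbound route-map lets BGP advertise the return path. The three configurations are constructed from the ones posted above, with the sanitized x octet replaced by 0; the third one is a deliberately inconsistent variant (pool and null route widened to /22 while the prefix-list still permits only the old /24) that the poster did not show.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed configs modelled on the thread. The poster's sanitized "x" octet is
# replaced with 0 here, so 10.x.4.0 appears as 10.0.4.0.
OLD_CONFIG = """
ip prefix-list ABC seq 60 permit 10.0.4.0/24
ip nat pool ABC 10.0.4.1 10.0.4.254 netmask 255.255.255.0
ip route 10.0.4.0 255.255.255.0 Null0 tag 100
"""

NEW_CONFIG = """
ip prefix-list ABC seq 65 permit 10.0.4.0/22
ip nat pool ABC 10.0.4.1 10.0.7.254 netmask 255.255.252.0
ip route 10.0.4.0 255.255.252.0 Null0 tag 100
"""

# Constructed inconsistent variant: pool and null route widened to /22, but the
# prefix-list still permits only the old /24, so the route-map never lets the /22 out.
STALE_PREFIX_LIST_CONFIG = """
ip prefix-list ABC seq 60 permit 10.0.4.0/24
ip nat pool ABC 10.0.4.1 10.0.7.254 netmask 255.255.252.0
ip route 10.0.4.0 255.255.252.0 Null0 tag 100
"""

POOL_RE = re.compile(r"^ip nat pool (\S+) (\S+) (\S+) netmask (\S+)$")
PREFIX_RE = re.compile(r"^ip prefix-list \S+ seq \d+ permit (\S+)$")
NULL_ROUTE_RE = re.compile(r"^ip route (\S+) (\S+) Null0(?: tag \d+)?$")


@dataclass
class NatPool:
    name: str
    start: ipaddress.IPv4Address
    end: ipaddress.IPv4Address
    network: ipaddress.IPv4Network  # subnet implied by the configured netmask


def parse_config(text):
    """Pull NAT pools, prefix-list permits and Null0 statics out of IOS config lines."""
    pools, permits, null_routes = [], [], []
    for raw in text.strip().splitlines():
        line = raw.strip()
        if m := POOL_RE.match(line):
            name, start, end, mask = m.groups()
            network = ipaddress.IPv4Network(f"{start}/{mask}", strict=False)
            pools.append(NatPool(name, ipaddress.IPv4Address(start),
                                 ipaddress.IPv4Address(end), network))
        elif m := PREFIX_RE.match(line):
            permits.append(ipaddress.IPv4Network(m.group(1)))
        elif m := NULL_ROUTE_RE.match(line):
            null_routes.append(ipaddress.IPv4Network(f"{m.group(1)}/{m.group(2)}"))
    return pools, permits, null_routes


def audit(text):
    """Return a list of problems; an empty list means pool, RIB anchor and BGP filter agree."""
    pools, permits, null_routes = parse_config(text)
    problems = []
    for pool in pools:
        if pool.end < pool.start:
            problems.append(f"{pool.name}: end address precedes start address")
            continue
        # IOS requires both ends of the pool to sit inside the subnet given by the netmask.
        if pool.start not in pool.network or pool.end not in pool.network:
            problems.append(f"{pool.name}: range not inside netmask subnet {pool.network}")
        # Every translated address needs a route back to this router. The Null0 static
        # puts the pool prefix into the RIB for BGP to pick up, so each pool address
        # must be covered by one.
        addresses = (ipaddress.IPv4Address(i) for i in range(int(pool.start), int(pool.end) + 1))
        uncovered = [a for a in addresses if not any(a in r for r in null_routes)]
        if uncovered:
            problems.append(f"{pool.name}: {len(uncovered)} pool addresses have no Null0 "
                            f"route, first is {uncovered[0]}")
        # The route-map matches the prefix-list exactly (no le/ge parsed here), so each
        # covering Null0 route must appear verbatim in the permits or BGP will not advertise it.
        for route in null_routes:
            if route.overlaps(pool.network) and route not in permits:
                problems.append(f"{pool.name}: Null0 route {route} is not permitted by the "
                                f"prefix-list, neighbors will not learn the return path")
    return problems


if __name__ == "__main__":
    for label, cfg in [("old", OLD_CONFIG), ("new", NEW_CONFIG),
                       ("stale prefix-list", STALE_PREFIX_LIST_CONFIG)]:
        result = audit(cfg)
        print(f"{label}: {'OK' if not result else result}")
```

Both the old /24 configuration and the new /22 one pass as posted, which matches Paul's observation that nothing in the pasted lines explains the failure on its own; the stale-prefix-list variant is the kind of mismatch that would leave the /22 in the local RIB but never advertise it to the neighbor, the scenario Abzal's reply raises.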