NAT pool change not working
11-12-2018 12:55 AM - edited 03-08-2019 04:35 PM
Hi,
I want to change the NAT pool on a router. But post-change NAT/ping is not working. If I ping an IP through the NAT router, I can see the ICMP translation but no replies with the new config (works with old config). debug ip nat outputs nothing.
Old working config -
interface GigabitEthernet0/0/1.1
ip nat outside
interface GigabitEthernet0/0/0
ip nat inside
ip prefix-list ABC seq 60 permit 10.x.4.0/24
ip nat pool ABC 10.x.4.1 10.x.4.254 netmask 255.255.255.0
ip route 10.x.4.0 255.255.255.0 Null0 tag 100
New config -
no ip prefix-list ABC seq 60 permit 10.x.4.0/24
ip prefix-list ABC seq 65 permit 10.x.4.0/22
no ip nat pool ABC 10.x.4.1 10.139.4.254 netmask 255.255.255.0
ip nat pool ABC 10.x.4.1 10.x.7.254 netmask 255.255.252.0
no ip route 10.x.4.0 255.255.255.0 Null0 tag 100
ip route 10.x.4.0 255.255.252.0 Null0 tag 100
Any ideas? Thanks

11-12-2018 01:19 AM
Hello,
What is the null route for? Post the full configuration of your router. Did you try to reload the router after changing the pool?
11-12-2018 01:30 AM - edited 11-12-2018 01:31 AM
Unfortunately, full config is too large to sanitize and post.
The null route is part of a prefix-list applied to a BGP neighbor route-map. I didn't reload the router after the change.
I reverted back to /24 from /22 and pings worked.
neighbor x.x.x.x route-map XYZ out
route-map XYZ permit 10
match ip address prefix-list ABC
ip prefix-list ABC seq 30 permit 10.x.1.0/24
ip prefix-list ABC seq 40 permit 10.x.2.0/24
ip prefix-list ABC seq 50 permit 10.x.3.0/24
ip prefix-list ABC seq 60 permit 10.x.4.0/24
Thanks
11-12-2018 02:16 AM
Topology and router config would be helpful, so I'll just be guessing. Your router is advertising the new subnets 10.x.4.0/22. Is the neighbor router getting it over BGP? Could be that the reverse router doesn't know the path back to your NAT router.
Try this on the NAT router after you apply the new config:
#clear ip bgp soft * out
Abzal
11-12-2018 06:46 AM
When we make a change to a BGP neighbor route-map .. my experience is .. clear ip bgp soft * out .. is not required.
Every time I make a change to the route-map or bgp config for a neighbor .. bgp table version is incremented.
But yes I did .. clear ip bgp soft for the neighbor.
11-12-2018 06:25 AM - edited 11-12-2018 06:28 AM
Hello
What's your reasoning on changing from a /24 to a /22 network - do you have a /22 internal network to be translated?
When you say nat stops translation, do you mean for the 10.0.4.0/24 users within the new specified range or as a whole?
Can you elaborate on your issue?
Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.
Kind Regards
Paul
11-12-2018 06:39 AM
Hi Paul,
Reason to change from /24 to /22 is to increase the pool size. There are times when NAT pool is exhausted. There are more internal users.
/24 works fine - I can ping a remote server through the NAT router and see icmp translation.
When I replace the /24 config with /22 - I cannot ping the server but I do see icmp translation.
If I revert back to /24 - pings work.
I hope this makes sense.
11-12-2018 06:54 AM
Hello
Can you post
sh run | in ip nat
sh ip route connected
sh ip int brief | in up
Kind Regards
Paul
11-13-2018 01:32 AM
sh run | in ip nat
ip nat inside
ip nat outside
ip nat translation timeout 7200
ip nat pool ABC 10.x.4.1 10.x.4.254 netmask 255.255.255.0
ip nat inside source list 10 pool ABC
Standard IP access list 10
10 permit 10.0.0.0, wildcard bits 0.255.255.255
Gateway of last resort is 10.255.253.253 to network 0.0.0.0
10.0.0.0/8 is variably subnetted, 1214 subnets, 12 masks
C 10.255.253.252/30 is directly connected, GigabitEthernet0/0/0
L 10.255.253.254/32 is directly connected, GigabitEthernet0/0/0
172.18.0.0/16 is variably subnetted, 4 subnets, 3 masks
C 172.18.9.0/29 is directly connected, GigabitEthernet0/0/1.1
L 172.18.9.3/32 is directly connected, GigabitEthernet0/0/1.1
C 172.16.12.3/32 is directly connected, Loopback10
sh ip int brief | in up
GigabitEthernet0/0/0 10.255.253.254 YES NVRAM up up
GigabitEthernet0/0/1 unassigned YES manual up up
Gi0/0/1.1 172.18.9.3 YES manual up up
Loopback10 172.16.12.3 YES NVRAM up up
11-13-2018 04:41 AM - edited 11-13-2018 04:42 AM
Hello
Your inside local subnet doesn't fit into the IP range to be translated and I don't see any other interface in this /22 IP range?
ip nat pool ABC 10.x.4.1 10.x.7.254 netmask 255.255.252.0
GigabitEthernet0/0/0 10.255.253.254 YES NVRAM up up
interface GigabitEthernet0/0/0
Also as you don't seem to have any physical connected interface in the ip range of your specified static null route it looks like it would be blackholing any traffic going to 10.x.4.0/22 ?
So TBH not sure how this worked in the first place unless you've not shared the correct detail?
Kind Regards
Paul
