cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1049
Views
0
Helpful
2
Replies

Issue with NAT Both Directions, encapsulation failed

qr_israel
Level 1
Level 1

Hi, i need help, im trying to configure NAT for both directions (Source address an Destination Address).

I have 4 Networks.

Network A 172.16.25.0

IP ADDRESS NAT INSIDE B 172.16.111.124 OVERLOAD

IP ADDRESS of the HOST C 172.16.18.22

IP ADDRESS NAT OUTSIDE STATIC 10.24.137.3

When an IP of Network A is trying to reach an IP fo Network C, first the IP of Network A (Source) i have to change for one IP of Network B., after, the IP of Network C has to be natted for one IP of the Net D

Router

________

IP 172.16.25.79 to Reach 172.16.18.22 -->| NAT |--> 172.16.111.124 to reach 10.24.137.3

|________|

I have this Configuration

ip nat pool NAT_pool 172.16.111.124 172.16.111.124 netmask 255.255.255.128

ip nat inside source list Access_NAT pool NAT_pool overload

ip nat outside source static 10.24.137.3 172.16.18.22

ip classless

ip route 0.0.0.0 0.0.0.0 172.16.70.1

ip route 10.24.137.0 255.255.255.0 172.16.111.1

ip route 172.16.18.22 255.255.255.255 FastEthernet0/1.111

ip access-list extended Access_NAT

permit ip host 172.16.25.79 10.24.137.3 0.0.0.0

interface FastEthernet0/0

ip address 172.16.70.250 255.255.255.0

ip nat inside

duplex full

speed 100

interface FastEthernet0/1.111

encapsulation dot1Q 111

ip address 172.16.111.124 255.255.255.128

ip nat outside

no cdp enable

ip route 0.0.0.0 0.0.0.0 172.16.70.1

ip route 10.24.137.0 255.255.255.0 172.16.111.1

ip route 172.16.18.22 255.255.255.255 FastEthernet0/1.111

When i do tests i can reach the IP 172.16.18.22, but when i check sh ip nat translations

Pro Inside global Inside local Outside local Outside global

icmp 172.16.111.124:512 172.16.25.79:512 172.16.18.22:512 10.24.137.3:512

--- --- --- 172.16.18.22 10.24.137.3

and with the command sh ip packet i got this issue

*Jun 15 01:14:54.582: IP: s=172.16.111.124 (FastEthernet0/0), d=10.24.137.3 (FastEthernet0/1.111), g=10.24.137.3, len 60, forward

*Jun 15 01:14:54.582: IP: s=172.16.111.124 (FastEthernet0/0), d=10.24.137.3 (FastEthernet0/1.111), len 60, encapsulation failed

Anyone knows what is the cause that i cant reach the Destination IP???

2 Replies 2

rtanner
Level 1
Level 1

Encapsulation failed means the router knows the interace but not the next hop MAC address. Since NAT order of operation from in to out is to route then NAT, I suspect the route for the outside local address is incorrect.

try changing,

ip route 172.16.18.22 255.255.255.255 FastEthernet0/1.111

to

ip route 172.16.18.22 255.255.255.255 172.16.111.1

refs:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_tech_note09186a00800a6057.shtml

and NAT order of operation

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml

HTH

Ross

Thanks, its working.

Just i only changed the route.

i did a ping to destination and it responded.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco