04-10-2007 03:41 PM - edited 03-03-2019 04:29 PM
Hi, i need help, im trying to configure NAT for both directions (Source address an Destination Address).
I have 4 Networks.
Network A 172.16.25.0
IP ADDRESS NAT INSIDE B 172.16.111.124 OVERLOAD
IP ADDRESS of the HOST C 172.16.18.22
IP ADDRESS NAT OUTSIDE STATIC 10.24.137.3
When an IP of Network A is trying to reach an IP fo Network C, first the IP of Network A (Source) i have to change for one IP of Network B., after, the IP of Network C has to be natted for one IP of the Net D
Router
________
IP 172.16.25.79 to Reach 172.16.18.22 -->| NAT |--> 172.16.111.124 to reach 10.24.137.3
|________|
I have this Configuration
ip nat pool NAT_pool 172.16.111.124 172.16.111.124 netmask 255.255.255.128
ip nat inside source list Access_NAT pool NAT_pool overload
ip nat outside source static 10.24.137.3 172.16.18.22
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.70.1
ip route 10.24.137.0 255.255.255.0 172.16.111.1
ip route 172.16.18.22 255.255.255.255 FastEthernet0/1.111
ip access-list extended Access_NAT
permit ip host 172.16.25.79 10.24.137.3 0.0.0.0
interface FastEthernet0/0
ip address 172.16.70.250 255.255.255.0
ip nat inside
duplex full
speed 100
interface FastEthernet0/1.111
encapsulation dot1Q 111
ip address 172.16.111.124 255.255.255.128
ip nat outside
no cdp enable
ip route 0.0.0.0 0.0.0.0 172.16.70.1
ip route 10.24.137.0 255.255.255.0 172.16.111.1
ip route 172.16.18.22 255.255.255.255 FastEthernet0/1.111
When i do tests i can reach the IP 172.16.18.22, but when i check sh ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 172.16.111.124:512 172.16.25.79:512 172.16.18.22:512 10.24.137.3:512
--- --- --- 172.16.18.22 10.24.137.3
and with the command sh ip packet i got this issue
*Jun 15 01:14:54.582: IP: s=172.16.111.124 (FastEthernet0/0), d=10.24.137.3 (FastEthernet0/1.111), g=10.24.137.3, len 60, forward
*Jun 15 01:14:54.582: IP: s=172.16.111.124 (FastEthernet0/0), d=10.24.137.3 (FastEthernet0/1.111), len 60, encapsulation failed
Anyone knows what is the cause that i cant reach the Destination IP???
04-10-2007 07:36 PM
Encapsulation failed means the router knows the interace but not the next hop MAC address. Since NAT order of operation from in to out is to route then NAT, I suspect the route for the outside local address is incorrect.
try changing,
ip route 172.16.18.22 255.255.255.255 FastEthernet0/1.111
to
ip route 172.16.18.22 255.255.255.255 172.16.111.1
refs:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_tech_note09186a00800a6057.shtml
and NAT order of operation
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml
HTH
Ross
04-12-2007 01:21 PM
Thanks, its working.
Just i only changed the route.
i did a ping to destination and it responded.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: