Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1094
Views
0
Helpful
2
Replies

Issue with NAT Both Directions, encapsulation failed

qr_israel
Level 1
Level 1

‎04-10-2007 03:41 PM - edited ‎03-03-2019 04:29 PM

Hi, i need help, im trying to configure NAT for both directions (Source address an Destination Address).

I have 4 Networks.

Network A 172.16.25.0

IP ADDRESS NAT INSIDE B 172.16.111.124 OVERLOAD

IP ADDRESS of the HOST C 172.16.18.22

IP ADDRESS NAT OUTSIDE STATIC 10.24.137.3

When an IP of Network A is trying to reach an IP fo Network C, first the IP of Network A (Source) i have to change for one IP of Network B., after, the IP of Network C has to be natted for one IP of the Net D

Router

________

IP 172.16.25.79 to Reach 172.16.18.22 -->| NAT |--> 172.16.111.124 to reach 10.24.137.3

|________|

I have this Configuration

ip nat pool NAT_pool 172.16.111.124 172.16.111.124 netmask 255.255.255.128

ip nat inside source list Access_NAT pool NAT_pool overload

ip nat outside source static 10.24.137.3 172.16.18.22

ip classless

ip route 0.0.0.0 0.0.0.0 172.16.70.1

ip route 10.24.137.0 255.255.255.0 172.16.111.1

ip route 172.16.18.22 255.255.255.255 FastEthernet0/1.111

ip access-list extended Access_NAT

permit ip host 172.16.25.79 10.24.137.3 0.0.0.0

interface FastEthernet0/0

ip address 172.16.70.250 255.255.255.0

ip nat inside

duplex full

speed 100

interface FastEthernet0/1.111

encapsulation dot1Q 111

ip address 172.16.111.124 255.255.255.128

ip nat outside

no cdp enable

ip route 0.0.0.0 0.0.0.0 172.16.70.1

ip route 10.24.137.0 255.255.255.0 172.16.111.1

ip route 172.16.18.22 255.255.255.255 FastEthernet0/1.111

When i do tests i can reach the IP 172.16.18.22, but when i check sh ip nat translations

Pro Inside global Inside local Outside local Outside global

icmp 172.16.111.124:512 172.16.25.79:512 172.16.18.22:512 10.24.137.3:512

--- --- --- 172.16.18.22 10.24.137.3

and with the command sh ip packet i got this issue

*Jun 15 01:14:54.582: IP: s=172.16.111.124 (FastEthernet0/0), d=10.24.137.3 (FastEthernet0/1.111), g=10.24.137.3, len 60, forward

*Jun 15 01:14:54.582: IP: s=172.16.111.124 (FastEthernet0/0), d=10.24.137.3 (FastEthernet0/1.111), len 60, encapsulation failed

Anyone knows what is the cause that i cant reach the Destination IP???

Labels:
0 Helpful
2 Replies 2

rtanner
Level 1
Level 1

‎04-10-2007 07:36 PM

Encapsulation failed means the router knows the interace but not the next hop MAC address. Since NAT order of operation from in to out is to route then NAT, I suspect the route for the outside local address is incorrect.

try changing,

ip route 172.16.18.22 255.255.255.255 FastEthernet0/1.111

to

ip route 172.16.18.22 255.255.255.255 172.16.111.1

refs:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_tech_note09186a00800a6057.shtml

and NAT order of operation

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml

HTH

Ross

0 Helpful

qr_israel
Level 1
Level 1
In response to rtanner

‎04-12-2007 01:21 PM

Thanks, its working.

Just i only changed the route.

i did a ping to destination and it responded.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card