Static NAT Question

Unanswered Question
Jun 18th, 2007
User Badges:

I have two hosts 192.168.5.224 and 192.168.5.225


They need to have a specific address that maps directly to inside global like this

192.168.5.224 -> 10.77.178.224

192.168.5.225 -> 10.77.178.225


Here is my config:

ip nat pool leaps-natpool 10.77.178.11 10.77.178.254 netmask 255.255.255.0

ip nat inside source route-map leaps-map pool leaps-natpool


ip nat inside source static 192.168.5.225 10.77.178.225 route-map leaps-map

ip nat inside source static 192.168.5.226 10.77.178.226 route-map leaps-map

ip nat inside source static 192.168.5.224 10.77.178.224 route-map leaps-map


access-list 101 permit ip 192.168.2.0 0.0.0.255 10.32.0.0 0.0.255.255

access-list 101 permit ip 192.168.3.0 0.0.0.255 10.32.0.0 0.0.255.255

access-list 101 permit ip 192.168.4.0 0.0.0.255 10.32.0.0 0.0.255.255

access-list 101 permit ip 192.168.5.0 0.0.0.255 10.32.0.0 0.0.255.255

access-list 101 permit ip 192.168.6.0 0.0.0.255 10.32.0.0 0.0.255.255

access-list 101 permit ip 192.168.7.0 0.0.0.255 10.32.0.0 0.0.255.255

access-list 101 permit ip 192.168.8.0 0.0.0.255 10.32.0.0 0.0.255.255

access-list 101 permit ip 192.168.9.0 0.0.0.255 10.32.0.0 0.0.255.255

access-list 101 permit ip 192.168.10.0 0.0.0.255 10.32.0.0 0.0.255.255

access-list 101 permit ip 192.168.11.0 0.0.0.255 10.32.0.0 0.0.255.255

access-list 101 permit ip 192.168.12.0 0.0.0.255 10.32.0.0 0.0.255.255



!

route-map leaps-map permit 10

match ip address 101

!


The problem is that 192.168.5.224-225 does not consistently pickup 10.77.178.224-225 associated address.


Any clue as to why this is happening?


Thanks,



Greg

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
s.arunkumar Mon, 06/18/2007 - 20:50
User Badges:
  • Bronze, 100 points or more

since u have put a static entry for 192.168.5.224 and 225 it should show a permeant entry in nat table.verify the same with "sh ip nat trans" cmd.


also try by removing the route-map portion from the static nat commands.there i dont see any use for putting the route-map in the

static nat command.


...lets hear more from experts...

...arun:)


sasif Mon, 06/18/2007 - 21:02
User Badges:

Put "match-host" at the end. Like

"ip nat pool leaps-natpool 10.77.178.11 10.77.178.254 netmask 255.255.255.0 type match-host


Let me know if it works.

thotsaphon Tue, 06/19/2007 - 21:03
User Badges:
  • Gold, 750 points or more

Hi Greg.

Can you provide us with the information of IP addresses (192.168.5.224-225) through "sh ip nat trans | inc .5.244|.5.225".


I wanna know what ip addresses are translated when those ips (192.168.5.224-225) go through nat processing.


For testing could you change the ACL statment as follow:



access-list 101 deny ip host 192.168.5.224 10.32.0.0 0.0.255.255

access-list 101 deny ip host 192.168.5.225 10.32.0.0 0.0.255.255

access-list 101 deny ip host 192.168.5.226 10.32.0.0 0.0.255.255

access-list 101 permit ip 192.168.2.0 0.0.0.255 10.32.0.0 0.0.255.255

access-list 101 permit ip 192.168.3.0 0.0.0.255 10.32.0.0 0.0.255.255

access-list 101 permit ip 192.168.4.0 0.0.0.255 10.32.0.0 0.0.255.255

access-list 101 permit ip 192.168.5.0 0.0.0.255 10.32.0.0 0.0.255.255

access-list 101 permit ip 192.168.6.0 0.0.0.255 10.32.0.0 0.0.255.255

access-list 101 permit ip 192.168.7.0 0.0.0.255 10.32.0.0 0.0.255.255

access-list 101 permit ip 192.168.8.0 0.0.0.255 10.32.0.0 0.0.255.255

access-list 101 permit ip 192.168.9.0 0.0.0.255 10.32.0.0 0.0.255.255

access-list 101 permit ip 192.168.10.0 0.0.0.255 10.32.0.0 0.0.255.255

access-list 101 permit ip 192.168.11.0 0.0.0.255 10.32.0.0 0.0.255.255

access-list 101 permit ip 192.168.12.0 0.0.0.255 10.32.0.0 0.0.255.255


And confirm my confusion with this commands

"clear ip nat trans *"

"show access-l 101"

"sh ip nat trans | inc .5.244|.5.225".


Hope this helps

Thot


Actions

This Discussion