NAT on a stick problem

Unanswered Question
Dec 19th, 2008
User Badges:

Dear all,


I ahve a problem with NAT on stick which I cannot resolve. Basically the internal client(s) 172.31.80.55 (see attached diagram) is accessing the IP address 1.1.1.227. The destination should get translated from 1.1.1.227 into 10.10.118.227 and be forwarded to the gateway/firewall accordingly. It is NOT possible to do this on the gateway/firewall. This why I am looking at NAT on a stick.


I did define an ACL plus a route map matching all traffic from 172.31.80.55 to 1.1.1.227 and forwarding it to the loopback-if 10 as next hop.


Then I have ip nat inside on if lo10 and ip nat outside on if eth0. Further I have the nat statement from the diagram.


What I obesrve is that the ACL is matching and the route map is triggered. However NAT never comes into play. The show ip nat translation verbose always shows a count of zero.


What do I do wrong?


Thanks,

--Joerg




  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
John Blakley Fri, 12/19/2008 - 07:22
User Badges:
  • Purple, 4500 points or more

It's hard to say without seeing the router config. I assume that you have an interface that's on the inside that has a 172.31.80.x addressing? Do you have "ip nat inside" on this interface?


HTH,


John

with_joerg Fri, 12/19/2008 - 07:36
User Badges:

Thanks, I will get the configs together in the new year. There is an if 172.31.80.X but I said on this if "ip nat outside" whilst I said on the loopback-if "ip nat inside". Could this be wrong?


--Joerg



John Blakley Fri, 12/19/2008 - 09:47
User Badges:
  • Purple, 4500 points or more

You would generally place nat on the outside and inside interfaces. Try switching it around, and see if that fixes your problem. Take the nat statement off of the loopback, and place the "ip nat inside" on the 172.31.80.x interface, and "ip nat outside" on your public interface.


HTH,


John

vazquez.jorge Sun, 12/21/2008 - 18:05
User Badges:

I agree with Blakley.. Nat statements belong on the inside/outside interfaces, never seen them in the loopback interfaces.

Actions

This Discussion