cisco 6504. NAT -> Error in Allocating port

Unanswered Question
Dec 15th, 2009

Hi there.

I`ve made NAT translation

interface Vlan2
ip address 192.168.2.254 255.255.255.0
ip helper-address 192.168.1.1
ip nat inside
!
interface Vlan3
ip address 192.168.3.254 255.255.255.0
ip helper-address 192.168.1.1
ip nat inside
!
interface Vlan4
ip address 192.168.4.254 255.255.255.0
ip helper-address 192.168.1.1
ip nat inside
!
interface Vlan5
ip address 192.168.5.254 255.255.255.0
ip helper-address 192.168.1.1
ip nat inside
!
interface Vlan6
ip address 192.168.6.254 255.255.255.0
ip helper-address 192.168.1.1
ip nat inside
!
interface Vlan7
ip address 192.168.7.254 255.255.255.0
ip helper-address 192.168.1.1
ip nat inside
!
interface Vlan8
ip address 192.168.8.254 255.255.255.0
ip helper-address 192.168.1.1
ip nat inside
!
interface Vlan9
ip address 192.168.9.254 255.255.255.0
ip helper-address 192.168.1.1
ip nat inside
!
interface Vlan10
ip address 10.110.115.2 255.255.255.0
ip nat outside
!
interface Vlan255
ip address 192.168.0.1 255.255.255.0
!
no ip nat service skinny tcp port 2000
no ip nat service H225
ip nat inside source list 1 interface Vlan10 overload
ip nat inside source static tcp 192.168.9.254 23 10.110.115.2 23 extendable no-alias
ip nat inside source static tcp 192.168.1.1 3389 10.110.115.2 3389 extendable no-alias
ip classless
ip route 0.0.0.0 0.0.0.0 10.110.115.1
!
no ip http server
!
access-list 1 permit 192.168.1.35
access-list 1 permit 192.168.1.1
access-list 1 permit 192.168.9.254

ICMP packets r forwarded correctly.

But when i try to access web:

3d20h: NAT: New Inside Entry: couldn't allocate port 1172 for 10.110.115.2 Protocol: 6
3d20h: NAT: translation failed (A), dropping packet s=192.168.1.1 d=93.158.134.8

I thought it is a bug in IOS so I upgraded from   s72033-ipservices_wan-mz.122-18.SXF15.bin to s72033-ipservices_wan-mz.122-18.SXF17.bin

But still the same error.

Can some1 explain what I do wrong?

show run in attachment

Attachment: 
I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Ganesh Hariharan Tue, 12/15/2009 - 08:42

Hi,

The error signifies a symbol (A) which means The "(A)" in the debug output means that translation failed after           routing occurred.

Check out the below mentioned link hope this will help you out to solve your query

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080094e75.shtml

As per your configuration you are doing nat for access list which is having an ip address 192.168.1.1 but from where it is coming and in which interface it getting nat inside.

Regards

Ganesh.H

atelkin123 Tue, 12/15/2009 - 23:33

sry, my bad when quoting.

missed Vlan1 in output conf

interface Vlan1
ip address 192.168.1.254 255.255.255.0
ip helper-address 192.168.1.1
ip nat inside

But the problem is stil there.

If i remove

ip nat inside source static tcp 192.168.9.254 23 10.110.115.2 23 extendable
ip nat inside source static tcp 192.168.1.1 3389 10.110.115.2 3389 extendable

and leave only

ip nat inside source list 1 interface Vlan10 overload

Nat works quite fine.

But together overload doesnt work, while 23 and 3389 ports access is fully operational

I thought it is a bug  CSCsj29841

but upgrade from s72033-ipservices_wan-mz.122-18.SXF15.bin to s72033-ipservices_wan-mz.122-18.SXF17.bin  didnt help (

Guys, I am really in panic.

Actions

This Discussion

Related Content