cisco 6504. NAT -> Error in Allocating port

Unanswered Question
Dec 15th, 2009
User Badges:

Hi there.


I`ve made NAT translation


interface Vlan2
ip address 192.168.2.254 255.255.255.0
ip helper-address 192.168.1.1
ip nat inside
!
interface Vlan3
ip address 192.168.3.254 255.255.255.0
ip helper-address 192.168.1.1
ip nat inside
!
interface Vlan4
ip address 192.168.4.254 255.255.255.0
ip helper-address 192.168.1.1
ip nat inside
!
interface Vlan5
ip address 192.168.5.254 255.255.255.0
ip helper-address 192.168.1.1
ip nat inside
!
interface Vlan6
ip address 192.168.6.254 255.255.255.0
ip helper-address 192.168.1.1
ip nat inside
!
interface Vlan7
ip address 192.168.7.254 255.255.255.0
ip helper-address 192.168.1.1
ip nat inside
!
interface Vlan8
ip address 192.168.8.254 255.255.255.0
ip helper-address 192.168.1.1
ip nat inside
!
interface Vlan9
ip address 192.168.9.254 255.255.255.0
ip helper-address 192.168.1.1
ip nat inside
!
interface Vlan10
ip address 10.110.115.2 255.255.255.0
ip nat outside
!
interface Vlan255
ip address 192.168.0.1 255.255.255.0
!
no ip nat service skinny tcp port 2000
no ip nat service H225
ip nat inside source list 1 interface Vlan10 overload
ip nat inside source static tcp 192.168.9.254 23 10.110.115.2 23 extendable no-alias
ip nat inside source static tcp 192.168.1.1 3389 10.110.115.2 3389 extendable no-alias
ip classless
ip route 0.0.0.0 0.0.0.0 10.110.115.1
!
no ip http server
!
access-list 1 permit 192.168.1.35
access-list 1 permit 192.168.1.1
access-list 1 permit 192.168.9.254



ICMP packets r forwarded correctly.



But when i try to access web:


3d20h: NAT: New Inside Entry: couldn't allocate port 1172 for 10.110.115.2 Protocol: 6
3d20h: NAT: translation failed (A), dropping packet s=192.168.1.1 d=93.158.134.8


I thought it is a bug in IOS so I upgraded from   s72033-ipservices_wan-mz.122-18.SXF15.bin to s72033-ipservices_wan-mz.122-18.SXF17.bin


But still the same error.


Can some1 explain what I do wrong?


show run in attachment

Attachment: 
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Ganesh Hariharan Tue, 12/15/2009 - 08:42
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Member's Choice, February 2016

Hi,


The error signifies a symbol (A) which means The "(A)" in the debug output means that translation failed after           routing occurred.


Check out the below mentioned link hope this will help you out to solve your query


http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080094e75.shtml


As per your configuration you are doing nat for access list which is having an ip address 192.168.1.1 but from where it is coming and in which interface it getting nat inside.


Regards

Ganesh.H

atelkin123 Tue, 12/15/2009 - 23:33
User Badges:

sry, my bad when quoting.


missed Vlan1 in output conf


interface Vlan1
ip address 192.168.1.254 255.255.255.0
ip helper-address 192.168.1.1
ip nat inside



But the problem is stil there.


If i remove


ip nat inside source static tcp 192.168.9.254 23 10.110.115.2 23 extendable
ip nat inside source static tcp 192.168.1.1 3389 10.110.115.2 3389 extendable


and leave only


ip nat inside source list 1 interface Vlan10 overload


Nat works quite fine.


But together overload doesnt work, while 23 and 3389 ports access is fully operational


I thought it is a bug  CSCsj29841


but upgrade from s72033-ipservices_wan-mz.122-18.SXF15.bin to s72033-ipservices_wan-mz.122-18.SXF17.bin  didnt help (


Guys, I am really in panic.

Actions

This Discussion

Related Content