Cisco 891 IOS NAT problem

Answered Question
May 21st, 2010

Hi,

I am having problem with a simple NAT configuration, and not able to figure out. I can not connect to the Internet. I am not able to find enough information about NAT-NVI: translation failed (A) error.

thanks

here is the config

interface FastEthernet8
ip address 11.27.19.25 255.255.254.0
ip nat outside
ip nat enable
ip virtual-reassembly
duplex auto
speed auto
!
interface GigabitEthernet0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip nat enable
ip virtual-reassembly
duplex auto
speed auto
!
ip route 0.0.0.0 0.0.0.0 11.27.19.24
ip route 192.168.1.0 255.255.255.0 GigabitEthernet0
!
!
ip nat inside source route-map NAT interface FastEthernet8 overload
!
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
!
!
!
!        
route-map NAT permit 10
match ip address 100
!

and here is the debug:

May 21 20:54:05.578: NAT-NVI: translation failed (A), dropping packet s=11.27.19.25 d=11.27.100.1
*May 21 20:54:05.578: NAT: s=192.168.1.1->11.27.100.1, d=11.27.19.25 [50914]
*May 21 20:54:06.590: NAT: s=192.168.1.2->11.27.19.25, d=11.27.100.1 [629]
*May 21 20:54:06.594: NAT: UDP s=54054->1056, d=53
*May 21 20:54:06.594: NAT: UDP s=53, d=1056->54054
*May 21 20:54:07.606: NAT: s=192.168.1.2->11.27.19.25, d=11.27.100.1 [630]
*May 21 20:54:07.606: NAT: UDP s=54054->1056, d=53
*May 21 20:54:07.610: NAT: UDP s=53, d=1056->54054
*May 21 20:54:09.618: NAT: s=192.168.1.2->11.27.19.25, d=11.27.100.1 [631]
*May 21 20:54:09.618: NAT: UDP s=54054->1056, d=53
*May 21 20:54:09.622: NAT: UDP s=53, d=1056->54054
*May 21 20:54:13.626: NAT: s=192.168.1.2->11.27.19.25, d=11.27.100.1 [632]
*May 21 20:54:13.626: NAT: UDP s=54054->1056, d=53
*May 21 20:54:13.630: NAT: UDP s=53, d=1056->54054
*May 21 20:54:21.206: NAT: expiring 11.27.19.25 (11.27.19.25) udp 1044 (59513)
*May 21 20:54:22.230: NAT: expiring 11.27.19.25 (11.27.19.25) udp 1045 (63372)
*May 21 20:54:27.350: NAT: expiring 11.27.19.25 (11.27.19.25) udp 1046 (63623)
*May 21 20:54:30.422: NAT: expiring 11.27.19.25 (192.168.1.2) udp 58745 (58745)
*May 21 20:54:43.734: NAT: expiring 11.27.19.25 (11.27.19.25) udp 1047 (54640)
*May 21 20:54:45.270: NAT: expiring 11.27.19.25 (11.27.19.25) udp 1048 (52768)
*May 21 20:55:00.926: NAT: s=192.168.1.2->11.27.19.25, d=11.27.100.1 [633]
*May 21 20:55:00.930: NAT: UDP s=52856->1057, d=53
*May 21 20:55:00.930: NAT-NVI: translation failed (A), dropping packet s=11.27.19.25 d=11.27.100.1
*May 21 20:55:00.930: NAT: s=192.168.1.1->11.27.100.1, d=11.27.19.25 [50919]
*May 21 20:55:01.654: NAT: expiring 11.27.19.25 (192.168.1.2) udp 63972 (63972)
*May 21 20:55:01.938: NAT: s=192.168.1.2->11.27.19.25, d=11.27.100.1 [634]
*May 21 20:55:01.942: NAT: UDP s=52856->1057, d=53
*May 21 20:55:01.942: NAT: UDP s=53, d=1057->52856
*May 21 20:55:02.954: NAT: s=192.168.1.2->11.27.19.25, d=11.27.100.1 [635]
*May 21 20:55:02.954: NAT: UDP s=52856->1057, d=53
*May 21 20:55:02.958: NAT: UDP s=53, d=1057->52856
*May 21 20:55:04.966: NAT: s=192.168.1.2->11.27.19.25, d=11.27.100.1 [636]
*May 21 20:55:04.966: NAT: UDP s=52856->1057, d=53
*May 21 20:55:04.970: NAT: UDP s=53, d=1057->52856
*May 21 20:55:08.974: NAT: s=192.168.1.2->11.27.19.25, d=11.27.100.1 [637]
*May 21 20:55:08.974: NAT: UDP s=52856->1057, d=53
*May 21 20:55:08.978: NAT: UDP s=53, d=1057->52856
*May 21 20:55:13.942: NAT: expiring 11.27.19.25 (192.168.1.2) udp 54054 (54054)

I have this problem too.
0 votes
Correct Answer by Ganesh Hariharan about 6 years 6 months ago

Hi,

I am having problem with a simple NAT configuration, and not able to figure out. I can not connect to the Internet. I am not able to find enough information about NAT-NVI: translation failed (A) error.

thanks

here is the config

interface FastEthernet8
ip address 11.27.19.25 255.255.254.0
ip nat outside
ip nat enable
ip virtual-reassembly
duplex auto
speed auto
!
interface GigabitEthernet0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip nat enable
ip virtual-reassembly
duplex auto
speed auto
!
ip route 0.0.0.0 0.0.0.0 11.27.19.24
ip route 192.168.1.0 255.255.255.0 GigabitEthernet0
!
!
ip nat inside source route-map NAT interface FastEthernet8 overload
!
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
!
!
!
!        
route-map NAT permit 10

Hi,

As Reza Pointed what is the need for 192.168.1.0 route towards the interface and as you have created a route map apply the route map on the interface Gigethernet 0 as per the below example.

Router(config)# interface Fast Ethernet 3/0

Router(config-if)#ip policy route-map reroute10traffic

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

Correct Answer by Reza Sharifi about 6 years 6 months ago

Hi Ercan,

Why do you have a static route to the connected interface?

ip route 192.168.1.0 255.255.255.0 GigabitEthernet0

Also can you change your current NAT statement to this and try testing again?

ip nat inside source list 100 interface FastEthernet8 overload

HTH

Reza

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
Reza Sharifi Fri, 05/21/2010 - 14:14

Hi Ercan,

Why do you have a static route to the connected interface?

ip route 192.168.1.0 255.255.255.0 GigabitEthernet0

Also can you change your current NAT statement to this and try testing again?

ip nat inside source list 100 interface FastEthernet8 overload

HTH

Reza

ercanelibol Mon, 05/24/2010 - 05:56

Hi Reza,

having a static route to that network was not problem, it was the route-map settings in the config. it works fine now. NAT also works with ACL you put in your reply.

Thanks

Ercan

Correct Answer
Ganesh Hariharan Sat, 05/22/2010 - 00:20

Hi,

I am having problem with a simple NAT configuration, and not able to figure out. I can not connect to the Internet. I am not able to find enough information about NAT-NVI: translation failed (A) error.

thanks

here is the config

interface FastEthernet8
ip address 11.27.19.25 255.255.254.0
ip nat outside
ip nat enable
ip virtual-reassembly
duplex auto
speed auto
!
interface GigabitEthernet0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip nat enable
ip virtual-reassembly
duplex auto
speed auto
!
ip route 0.0.0.0 0.0.0.0 11.27.19.24
ip route 192.168.1.0 255.255.255.0 GigabitEthernet0
!
!
ip nat inside source route-map NAT interface FastEthernet8 overload
!
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
!
!
!
!        
route-map NAT permit 10

Hi,

As Reza Pointed what is the need for 192.168.1.0 route towards the interface and as you have created a route map apply the route map on the interface Gigethernet 0 as per the below example.

Router(config)# interface Fast Ethernet 3/0

Router(config-if)#ip policy route-map reroute10traffic

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

Actions

This Discussion