Cisco 891 IOS NAT problem

Answered Question
May 21st, 2010
User Badges:

Hi,

I am having problem with a simple NAT configuration, and not able to figure out. I can not connect to the Internet. I am not able to find enough information about NAT-NVI: translation failed (A) error.


thanks


here is the config


interface FastEthernet8
ip address 11.27.19.25 255.255.254.0
ip nat outside
ip nat enable
ip virtual-reassembly
duplex auto
speed auto
!
interface GigabitEthernet0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip nat enable
ip virtual-reassembly
duplex auto
speed auto
!
ip route 0.0.0.0 0.0.0.0 11.27.19.24
ip route 192.168.1.0 255.255.255.0 GigabitEthernet0
!
!
ip nat inside source route-map NAT interface FastEthernet8 overload
!
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
!
!
!
!        
route-map NAT permit 10
match ip address 100
!




and here is the debug:


May 21 20:54:05.578: NAT-NVI: translation failed (A), dropping packet s=11.27.19.25 d=11.27.100.1
*May 21 20:54:05.578: NAT: s=192.168.1.1->11.27.100.1, d=11.27.19.25 [50914]
*May 21 20:54:06.590: NAT: s=192.168.1.2->11.27.19.25, d=11.27.100.1 [629]
*May 21 20:54:06.594: NAT: UDP s=54054->1056, d=53
*May 21 20:54:06.594: NAT: UDP s=53, d=1056->54054
*May 21 20:54:07.606: NAT: s=192.168.1.2->11.27.19.25, d=11.27.100.1 [630]
*May 21 20:54:07.606: NAT: UDP s=54054->1056, d=53
*May 21 20:54:07.610: NAT: UDP s=53, d=1056->54054
*May 21 20:54:09.618: NAT: s=192.168.1.2->11.27.19.25, d=11.27.100.1 [631]
*May 21 20:54:09.618: NAT: UDP s=54054->1056, d=53
*May 21 20:54:09.622: NAT: UDP s=53, d=1056->54054
*May 21 20:54:13.626: NAT: s=192.168.1.2->11.27.19.25, d=11.27.100.1 [632]
*May 21 20:54:13.626: NAT: UDP s=54054->1056, d=53
*May 21 20:54:13.630: NAT: UDP s=53, d=1056->54054
*May 21 20:54:21.206: NAT: expiring 11.27.19.25 (11.27.19.25) udp 1044 (59513)
*May 21 20:54:22.230: NAT: expiring 11.27.19.25 (11.27.19.25) udp 1045 (63372)
*May 21 20:54:27.350: NAT: expiring 11.27.19.25 (11.27.19.25) udp 1046 (63623)
*May 21 20:54:30.422: NAT: expiring 11.27.19.25 (192.168.1.2) udp 58745 (58745)
*May 21 20:54:43.734: NAT: expiring 11.27.19.25 (11.27.19.25) udp 1047 (54640)
*May 21 20:54:45.270: NAT: expiring 11.27.19.25 (11.27.19.25) udp 1048 (52768)
*May 21 20:55:00.926: NAT: s=192.168.1.2->11.27.19.25, d=11.27.100.1 [633]
*May 21 20:55:00.930: NAT: UDP s=52856->1057, d=53
*May 21 20:55:00.930: NAT-NVI: translation failed (A), dropping packet s=11.27.19.25 d=11.27.100.1
*May 21 20:55:00.930: NAT: s=192.168.1.1->11.27.100.1, d=11.27.19.25 [50919]
*May 21 20:55:01.654: NAT: expiring 11.27.19.25 (192.168.1.2) udp 63972 (63972)
*May 21 20:55:01.938: NAT: s=192.168.1.2->11.27.19.25, d=11.27.100.1 [634]
*May 21 20:55:01.942: NAT: UDP s=52856->1057, d=53
*May 21 20:55:01.942: NAT: UDP s=53, d=1057->52856
*May 21 20:55:02.954: NAT: s=192.168.1.2->11.27.19.25, d=11.27.100.1 [635]
*May 21 20:55:02.954: NAT: UDP s=52856->1057, d=53
*May 21 20:55:02.958: NAT: UDP s=53, d=1057->52856
*May 21 20:55:04.966: NAT: s=192.168.1.2->11.27.19.25, d=11.27.100.1 [636]
*May 21 20:55:04.966: NAT: UDP s=52856->1057, d=53
*May 21 20:55:04.970: NAT: UDP s=53, d=1057->52856
*May 21 20:55:08.974: NAT: s=192.168.1.2->11.27.19.25, d=11.27.100.1 [637]
*May 21 20:55:08.974: NAT: UDP s=52856->1057, d=53
*May 21 20:55:08.978: NAT: UDP s=53, d=1057->52856
*May 21 20:55:13.942: NAT: expiring 11.27.19.25 (192.168.1.2) udp 54054 (54054)

Correct Answer by Ganesh Hariharan about 6 years 10 months ago


Hi,

I am having problem with a simple NAT configuration, and not able to figure out. I can not connect to the Internet. I am not able to find enough information about NAT-NVI: translation failed (A) error.


thanks


here is the config


interface FastEthernet8
ip address 11.27.19.25 255.255.254.0
ip nat outside
ip nat enable
ip virtual-reassembly
duplex auto
speed auto
!
interface GigabitEthernet0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip nat enable
ip virtual-reassembly
duplex auto
speed auto
!
ip route 0.0.0.0 0.0.0.0 11.27.19.24
ip route 192.168.1.0 255.255.255.0 GigabitEthernet0
!
!
ip nat inside source route-map NAT interface FastEthernet8 overload
!
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
!
!
!
!        
route-map NAT permit 10


Hi,


As Reza Pointed what is the need for 192.168.1.0 route towards the interface and as you have created a route map apply the route map on the interface Gigethernet 0 as per the below example.



Router(config)# interface Fast Ethernet 3/0

Router(config-if)#ip policy route-map reroute10traffic


Hope to Help !!


Ganesh.H


Remember to rate the helpful post

Correct Answer by Reza Sharifi about 6 years 10 months ago

Hi Ercan,


Why do you have a static route to the connected interface?


ip route 192.168.1.0 255.255.255.0 GigabitEthernet0



Also can you change your current NAT statement to this and try testing again?

ip nat inside source list 100 interface FastEthernet8 overload


HTH

Reza

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
Reza Sharifi Fri, 05/21/2010 - 14:14
User Badges:
  • Super Bronze, 10000 points or more
  • Cisco Designated VIP,

    2017 LAN

Hi Ercan,


Why do you have a static route to the connected interface?


ip route 192.168.1.0 255.255.255.0 GigabitEthernet0



Also can you change your current NAT statement to this and try testing again?

ip nat inside source list 100 interface FastEthernet8 overload


HTH

Reza

ercanelibol Mon, 05/24/2010 - 05:56
User Badges:

Hi Reza,

having a static route to that network was not problem, it was the route-map settings in the config. it works fine now. NAT also works with ACL you put in your reply.


Thanks


Ercan

Correct Answer
Ganesh Hariharan Sat, 05/22/2010 - 00:20
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Member's Choice, February 2016


Hi,

I am having problem with a simple NAT configuration, and not able to figure out. I can not connect to the Internet. I am not able to find enough information about NAT-NVI: translation failed (A) error.


thanks


here is the config


interface FastEthernet8
ip address 11.27.19.25 255.255.254.0
ip nat outside
ip nat enable
ip virtual-reassembly
duplex auto
speed auto
!
interface GigabitEthernet0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip nat enable
ip virtual-reassembly
duplex auto
speed auto
!
ip route 0.0.0.0 0.0.0.0 11.27.19.24
ip route 192.168.1.0 255.255.255.0 GigabitEthernet0
!
!
ip nat inside source route-map NAT interface FastEthernet8 overload
!
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
!
!
!
!        
route-map NAT permit 10


Hi,


As Reza Pointed what is the need for 192.168.1.0 route towards the interface and as you have created a route map apply the route map on the interface Gigethernet 0 as per the below example.



Router(config)# interface Fast Ethernet 3/0

Router(config-if)#ip policy route-map reroute10traffic


Hope to Help !!


Ganesh.H


Remember to rate the helpful post

ercanelibol Mon, 05/24/2010 - 05:57
User Badges:

"Router(config-if)#ip policy route-map..." was the missing part...


thanks

Actions

This Discussion