Multiple Static NAT on 2811 routers

Unanswered Question
Sep 13th, 2010
User Badges:

Hi guys

I have configured a multiple static NAT  for a firewall ( using ip nat inside source static on a 2600 router with one ethernet interface as inside and two ethernet interfaces and a serial interface as outside, using the following commands:

ip nat inside source static x.x.x.x extendable (ISP 1)

ip nat inside source static y.y.y.y extendable (ISP 2)

ip nat inside source static z.z.z.z extendable (ISP 3)

int e0/0

ip address

ip nat inside

int e0/1

ip address x.x.x.1

ip nat outside

int e1/0

ip address y.y.y.1

ip nat outside

int s0/0

ip address z.z.z.1

ip nat outside

This configuration worked well, but, when we replaced the old 2600 router by a new 2811 router (12.4(24)T), only two of the static NAT (one ethernet and the serial interface) instances are working, we are unable to reach the (y.y.y.y) address, however the router interface on that ISP is still reachable. Are there any bug with the IOS version?, are there another option to configure the new router?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Federico Coto F... Tue, 09/14/2010 - 08:46
User Badges:
  • Green, 3000 points or more


Not aware of any bug.

Pretty sure it should work.

Are you sure nothing else has changed (besides the hardware replacement) like an ACL or something?

If the IP of that interface is reachable, then we are fine up to that point.

One test that you can do is to create a static route out the interface that is not working...


ip route of non-working interface

Then, from you can try to PING that address.

What should happen is that should be translated correctly to the public IP assigned to that interface and get out to the Internet.

You say the problem is accesing y.y.y.y, let's see if it can get outbound traffic using that IP.


g.ayllon Tue, 09/14/2010 - 09:13
User Badges:

Thanks Federico.

No changes were made during the replacement, I have also tried natting over router interface and it works fine, I do not have more free IP addresses to test, but if PAT is working, I think there is no problem with the router nor IOS, I know it sounds a little weird, but it happens, also, I have requested to ISP a test over those links, maybe some problem in their ip assignment or something like that.

I will comment you guy.



This Discussion

Related Content