Jennifer Halim Sun, 05/27/2012 - 02:21

Do you pass traffic through the router passing through those interfaces that has inside and outside NAT configured? If there is no traffic going through the router that triggers the NAT translation, there will be nothing in the translation table (sh ip nat trans).

juwairiyeh900501324 Tue, 05/29/2012 - 05:04

Hi Jennifer,

I'm able to access an external FTP server and transfer files to and from it, but still the sh ip nat translations doesn't show anything!

Jennifer Halim Tue, 05/29/2012 - 05:40

what version of IOS are you currently running, and can you share the current config?

So "sh ip nat trans" doesn't show anything for any traffic going through the router?

Giuseppe Larosa Tue, 05/29/2012 - 06:03

Hello Jennifer,

there is another thread opened by Jory and he/she has reported the NAT configuration.

It looks like he has just defined the NAT pool and the command ip nat inside source  list  pool pool-name is missing

Hope to help


Jennifer Halim Tue, 05/29/2012 - 06:12

Ahh, ok, makes sense. I wonder how it still works if it's not NATing, unless public IP is used internally.

Jory, let us know if after adding "ip nat inside souce list pool pool-name" resolve the issue.

juwairiyeh900501324 Sat, 06/02/2012 - 01:40

Hi guys,

I added the missing NAT commands.

The access-list permit command changes the to by its own!! Is this acceptable?

BTW, I can transfer files to and from an external tftp server.


hostname R1



interface Serial0/1/0

ip address

ip nat inside

clock rate 64000


interface Serial0/1/1

ip address

ip nat outside


address-family ipv4



router ospf 1


network area 0


router bgp 100

no bgp default ipv4-unicast

bgp log-neighbor-changes

neighbor remote-as 200

neighbor ebgp-multihop 2

neighbor update-source Serial0/1/1

neighbor remote-as 100

neighbor update-source Serial0/1/0


address-family ipv4

  redistribute connected

  redistribute ospf 1

  neighbor activate

  neighbor activate

  neighbor next-hop-self

  no auto-summary

  no synchronization




ip nat pool POOL prefix-length 16

ip nat inside source list 1 pool POOL


access-list 1 permit

ipv6 router ospf 1


juwairiyeh900501324 Fri, 06/08/2012 - 08:32

Hi Jennifer,

Still it doesn't work!!

When files are transfered sh ip nat translations issued without any output

John Blakley Fri, 06/08/2012 - 08:54


Try changing your ACL:

access-list 1 permit


access-list 1 permit



John Blakley Fri, 06/08/2012 - 09:32


I had thought about my last post and have another question. You only have 2 addresses free on your internal interface. Do you have another appliance behind it that users have to go through? In other words, if you have:

     | (wan on another appliance)

     | (internal subnet)

You're going to have to change your ACL to match the users that you want to nat and not the internal interface. In the above scenario, your access-list would change to:

access-list 1 permit

Does that make sense?

Nandan Mathure Fri, 06/08/2012 - 09:33

Hi Jory,

In addition to what John has given, I wanted to know about " ip nat pool POOL prefix-length 16"

Your serial outside interface is subnet and when translating you are using subnet. I have no idea about your network setup but I think this should be a problem as well.



Jennifer Halim Fri, 06/08/2012 - 14:18

The only reason why files transfer to the internet work is probably because you have public ip address in your internal subnet, and it works without requiring any NAT. Therefore "sh ip nat trans" is also empty.

Jory, are you using public ip address internally? what ip address are you trying to FTP from and to?

juwairiyeh900501324 Sun, 06/10/2012 - 10:41

Hi guys,

Here is an inserted image of the topology.

and here are the two used configurations.

Sample configuration 1:

ip nat inside source list 100 interface Serial0/0/1 overload

no access-list 100 permit ip any


Sample configuration 2:

ip nat pool POOL netmask

ip nat inside source list 1 pool POOL overload

access-list 1 permit


interface Serial0/0/1

ip nat outside

interface Serial0/0/0

ip nat inside


