Nat translations?

Unanswered Question
May 26th, 2012

Hi guys,

NAT is configured on a boundary router and is set on the inside and outside interfaces, but show ip nat translations doesn't show any information.

What might the problem be?

Jennifer Halim Sun, 05/27/2012 - 02:21

Do you pass traffic through the router, through the interfaces that have inside and outside NAT configured? If there is no traffic going through the router that triggers the NAT translation, there will be nothing in the translation table (sh ip nat trans).

juwairiyeh900501324 Tue, 05/29/2012 - 05:04

Hi Jennifer,

I'm able to access an external FTP server and transfer files to and from it, but still the sh ip nat translations doesn't show anything!

Jennifer Halim Tue, 05/29/2012 - 05:40

What version of IOS are you currently running, and can you share the current config?

So "sh ip nat trans" doesn't show anything for any traffic going through the router?

Giuseppe Larosa Tue, 05/29/2012 - 06:03

Hello Jennifer,

There is another thread opened by Jory and he/she has reported the NAT configuration.

It looks like he has just defined the NAT pool and the command ip nat inside source  list  pool pool-name is missing.

Hope to help

Giuseppe

Jennifer Halim Tue, 05/29/2012 - 06:12

Ahh, ok, makes sense. I wonder how it still works if it's not NATing, unless public IP is used internally.

Jory, let us know if adding "ip nat inside source list pool pool-name" resolves the issue.

juwairiyeh900501324 Sat, 06/02/2012 - 01:40

Hi guys,

I added the missing NAT commands.

The access-list permit command changes the 10.0.0.0 to 0.0.0.0 on its own!! Is this acceptable?

BTW, I can transfer files to and from an external tftp server.

Configuration:

hostname R1
!
!
interface Serial0/1/0
ip address 10.0.0.50 255.255.255.252
ip nat inside
clock rate 64000
!
interface Serial0/1/1
ip address 1.0.0.37 255.255.255.252
ip nat outside
!
address-family ipv4
exit-address-family
!
router ospf 1
log-adjacency-changes
network 10.0.0.48 0.0.0.3 area 0
!
router bgp 100
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 1.0.0.38 remote-as 200
neighbor 1.0.0.38 ebgp-multihop 2
neighbor 1.0.0.38 update-source Serial0/1/1
neighbor 10.0.0.49 remote-as 100
neighbor 10.0.0.49 update-source Serial0/1/0
!
address-family ipv4
  redistribute connected
  redistribute ospf 1
  neighbor 1.0.0.38 activate
  neighbor 10.0.0.49 activate
  neighbor 10.0.0.49 next-hop-self
  no auto-summary
  no synchronization
exit-address-family
!
!
ip nat pool POOL 1.1.0.0 1.1.0.255 prefix-length 16
ip nat inside source list 1 pool POOL
!
access-list 1 permit 0.0.0.0 255.255.255.192
ipv6 router ospf 1
log-adjacency-changes

juwairiyeh900501324 Fri, 06/08/2012 - 08:32

Hi Jennifer,

Still it doesn't work!!

When files are transferred, sh ip nat translations is issued without any output.

John Blakley Fri, 06/08/2012 - 08:54

Jory,

Try changing your ACL:

access-list 1 permit 0.0.0.0 255.255.255.192

to

access-list 1 permit 10.0.0.0 0.0.0.3

HTH,

John

John Blakley Fri, 06/08/2012 - 09:32

Jory,

I had thought about my last post and have another question. You only have 2 addresses free on your internal interface. Do you have another appliance behind it that users have to go through? In other words, if you have:

10.0.0.1/30
     |
10.0.0.2/30 (wan on another appliance)
     |
192.168.15.0/24 (internal subnet)

You're going to have to change your ACL to match the users that you want to nat and not the internal interface. In the above scenario, your access-list would change to:

access-list 1 permit 192.168.15.0 0.0.0.255

Does that make sense?

Nandan Mathure Fri, 06/08/2012 - 09:33

Hi Jory,

In addition to what John has given, I wanted to know about " ip nat pool POOL 1.1.0.0 1.1.0.255 prefix-length 16"

Your serial outside interface is 1.0.0.0 subnet and when translating you are using 1.1.0.0 subnet. I have no idea about your network setup but I think this should be a problem as well.

Thanks,

Nandan

Jennifer Halim Fri, 06/08/2012 - 14:18

The only reason why file transfers to the internet work is probably because you have public IP addresses in your internal subnet, and it works without requiring any NAT. Therefore "sh ip nat trans" is also empty.

Jory, are you using public IP addresses internally? What IP address are you trying to FTP from and to?

juwairiyeh900501324 Sun, 06/10/2012 - 10:41

Hi guys,

Here is an inserted image of the topology.

and here are the two used configurations.

Sample configuration 1:

ip nat inside source list 100 interface Serial0/0/1 overload
no access-list 100 permit ip 10.0.0.48 0.0.0.3 any

======================

Sample configuration 2:

ip nat pool POOL 1.0.0.37 1.0.0.37 netmask 255.255.255.252
ip nat inside source list 1 pool POOL overload
access-list 1 permit 10.0.0.48 0.0.0.3

=================

interface Serial0/0/1
ip nat outside

interface Serial0/0/0
ip nat inside
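Added example, not part of any post in this thread: a Python sketch of how IOS stores and evaluates the standard ACL entries quoted above, which shows why 10.0.0.0 was rewritten to 0.0.0.0 and which entries would select traffic for NAT. It assumes the first entry was typed as "10.0.0.0 255.255.255.192" and that the inside source is 10.0.0.49 (the BGP neighbor on the inside link); the function names are illustrative.

```python
import ipaddress

def _i(addr):
    return int(ipaddress.IPv4Address(addr))

def normalize(addr, wildcard):
    """Address as IOS stores it: bits the wildcard marks don't-care (1s) are zeroed."""
    return str(ipaddress.IPv4Address(_i(addr) & ~_i(wildcard) & 0xFFFFFFFF))

def matches(src, addr, wildcard):
    """True when src equals addr on every bit where the wildcard is 0."""
    care = ~_i(wildcard) & 0xFFFFFFFF
    return (_i(src) & care) == (_i(addr) & care)

def pool_on_link(first, last, interface):
    """True when the whole NAT pool lies inside the outside interface's subnet."""
    net = ipaddress.ip_interface(interface).network
    return all(ipaddress.IPv4Address(a) in net for a in (first, last))

# ACL entries taken from the posts above. The first is reconstructed from the
# description "10.0.0.0 changes to 0.0.0.0" (assumption: mask typed as shown).
ACLS = [
    ("10.0.0.0", "255.255.255.192"),  # subnet mask used where a wildcard is expected
    ("10.0.0.0", "0.0.0.3"),
    ("10.0.0.48", "0.0.0.3"),
]
INSIDE_SRC = "10.0.0.49"  # assumed source: far end of the inside /30 link

def report():
    """Return (typed entry, stored entry, whether INSIDE_SRC matches) per ACL."""
    rows = []
    for addr, wc in ACLS:
        stored = normalize(addr, wc)
        rows.append((f"{addr} {wc}", f"{stored} {wc}", matches(INSIDE_SRC, stored, wc)))
    return rows

if __name__ == "__main__":
    for typed, stored, hit in report():
        print(f"typed {typed:26} stored {stored:26} matches {INSIDE_SRC}: {hit}")
    # Pool from the first configuration, then the one in sample configuration 2
    print("1.1.0.0-1.1.0.255 on 1.0.0.37/30:",
          pool_on_link("1.1.0.0", "1.1.0.255", "1.0.0.37/30"))
    print("1.0.0.37 on 1.0.0.37/30:",
          pool_on_link("1.0.0.37", "1.0.0.37", "1.0.0.37/30"))
```

A source that matches no ACL entry is forwarded untranslated, which leaves the translation table empty. A pool outside the outside interface's subnet is only reachable if the upstream router has a route for it back to this router.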

Posted May 26, 2012 at 2:48 PM