Nat translations?

Hi guys,

NAT is configured on a boundary router and is set on the inside and outside interfaces, but show ip nat translations doesn't show any information.

What might the problem be?


Jennifer Halim
Cisco Employee

Do you pass traffic through the router passing through those interfaces that have inside and outside NAT configured? If there is no traffic going through the router that triggers the NAT translation, there will be nothing in the translation table (sh ip nat trans).

Hi Jennifer,

I'm able to access an external FTP server and transfer files to and from it, but still the sh ip nat translations doesn't show anything!

What version of IOS are you currently running, and can you share the current config?

So "sh ip nat trans" doesn't show anything for any traffic going through the router?

Hello Jennifer,

there is another thread opened by Jory and he/she has reported the NAT configuration.

It looks like he has just defined the NAT pool and the command ip nat inside source  list  pool pool-name is missing

Hope to help

Giuseppe

Ahh, ok, makes sense. I wonder how it still works if it's not NATing, unless public IP is used internally.

Jory, let us know if adding "ip nat inside source list pool pool-name" resolves the issue.

Hi guys,

I added the missing NAT commands.

The access-list permit command changes the 10.0.0.0 to 0.0.0.0 on its own!! Is this acceptable?

BTW, I can transfer files to and from an external tftp server.

Configuration:

hostname R1
!
!
interface Serial0/1/0
 ip address 10.0.0.50 255.255.255.252
 ip nat inside
 clock rate 64000
!
interface Serial0/1/1
 ip address 1.0.0.37 255.255.255.252
 ip nat outside
!
address-family ipv4
exit-address-family
!
router ospf 1
 log-adjacency-changes
 network 10.0.0.48 0.0.0.3 area 0
!
router bgp 100
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 1.0.0.38 remote-as 200
 neighbor 1.0.0.38 ebgp-multihop 2
 neighbor 1.0.0.38 update-source Serial0/1/1
 neighbor 10.0.0.49 remote-as 100
 neighbor 10.0.0.49 update-source Serial0/1/0
 !
 address-family ipv4
  redistribute connected
  redistribute ospf 1
  neighbor 1.0.0.38 activate
  neighbor 10.0.0.49 activate
  neighbor 10.0.0.49 next-hop-self
  no auto-summary
  no synchronization
 exit-address-family
!
!
ip nat pool POOL 1.1.0.0 1.1.0.255 prefix-length 16
ip nat inside source list 1 pool POOL
!
access-list 1 permit 0.0.0.0 255.255.255.192
ipv6 router ospf 1
 log-adjacency-changes

Yes, looking good now.

Hi Jennifer,

Still it doesn't work!!

When files are transferred, sh ip nat translations is issued without any output.

Jory,

Try changing your ACL:

access-list 1 permit 0.0.0.0 255.255.255.192

to

access-list 1 permit 10.0.0.0 0.0.0.3

HTH,

John

HTH, John *** Please rate all useful posts ***

Jory,

I had thought about my last post and have another question. You only have 2 addresses free on your internal interface. Do you have another appliance behind it that users have to go through? In other words, if you have:

10.0.0.1/30

     |

10.0.0.2/30 (wan on another appliance)

     |

192.168.15.0/24 (internal subnet)

You're going to have to change your ACL to match the users that you want to nat and not the internal interface. In the above scenario, your access-list would change to:

access-list 1 permit 192.168.15.0 0.0.0.255

Does that make sense?

HTH, John *** Please rate all useful posts ***

Hi Jory,

In addition to what John has given, I wanted to know about " ip nat pool POOL 1.1.0.0 1.1.0.255 prefix-length 16"

Your serial outside interface is 1.0.0.0 subnet and when translating you are using 1.1.0.0 subnet. I have no idea about your network setup but I think this should be a problem as well.

Thanks,

Nandan

The only reason why files transfer to the internet work is probably because you have public ip address in your internal subnet, and it works without requiring any NAT. Therefore "sh ip nat trans" is also empty.

Jory, are you using public IP addresses internally? What IP address are you trying to FTP from and to?

Hi guys,

Here is an inserted image of the topology.

and here are the two used configurations.

Sample configuration 1:

ip nat inside source list 100 interface Serial0/0/1 overload
no access-list 100 permit ip 10.0.0.48 0.0.0.3 any

======================

Sample configuration 2:

ip nat pool POOL 1.0.0.37 1.0.0.37 netmask 255.255.255.252
ip nat inside source list 1 pool POOL overload
access-list 1 permit 10.0.0.48 0.0.0.3

=================

interface Serial0/0/1
 ip nat outside
interface Serial0/0/0
 ip nat inside
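
An added example, not part of the original thread: a short Python check of how IOS wildcard masks behave, showing why an entry typed as 10.0.0.0 255.255.255.192 is stored as 0.0.0.0 255.255.255.192 and which sources each ACL entry quoted in the thread selects for NAT. The function names and the sample source addresses are constructed for illustration.

```python
import ipaddress

FULL = 0xFFFFFFFF

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def normalize(address, wildcard):
    """Address as the router stores it: bits the wildcard ignores (1s) are zeroed."""
    return str(ipaddress.IPv4Address(to_int(address) & ~to_int(wildcard) & FULL))

def matches(source, address, wildcard):
    """True when source equals address on every bit where the wildcard is 0."""
    care = ~to_int(wildcard) & FULL
    return (to_int(source) & care) == (to_int(address) & care)

def looks_like_netmask(wildcard):
    """Heuristic: leading contiguous 1-bits suggest a subnet mask typed as a wildcard."""
    w = to_int(wildcard)
    host_bits = ~w & FULL
    return w not in (0, FULL) and (host_bits & (host_bits + 1)) == 0

def audit(address, wildcard, sources):
    """Summarise one standard ACL entry against a list of candidate source IPs."""
    return {
        "stored_as": normalize(address, wildcard),
        "netmask_suspected": looks_like_netmask(wildcard),
        "matched": [s for s in sources if matches(s, address, wildcard)],
    }

# Constructed sample sources: the two ends of the inside /30 link from the
# posted configuration, plus two hosts in the hypothetical 192.168.15.0/24.
SOURCES = ["10.0.0.49", "10.0.0.50", "192.168.15.10", "192.168.15.64"]

# ACL entries quoted in the thread, as (address, wildcard).
ENTRIES = [
    ("10.0.0.0", "255.255.255.192"),  # as typed in the first configuration
    ("10.0.0.0", "0.0.0.3"),
    ("10.0.0.48", "0.0.0.3"),         # from sample configuration 2
]

if __name__ == "__main__":
    for address, wildcard in ENTRIES:
        print(address, wildcard, audit(address, wildcard, SOURCES))
```

An entry whose "matched" list is empty for the real inside sources leaves the translation table empty, whatever else is configured.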
