×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

NAT Problem

Unanswered Question
Mar 28th, 2002
User Badges:

I have a 2611 router which I use for internet connection. I have 4 administratively up interfaces. Ian using NAT inside for the three inside interfaces and and NAT outside for the Internet connection interface. I have a pool of 4 legal ip addresses which I overload with about 100 illegal internal IP addresses. Once i permit these illegal ip addresses access I get connection to the internet. After some hours this translation no longer takes effect. I try to clear the translation and restart my internet nothing happens and the translations do not take effect. If I use 1-1 static NAT the internet commes back. So I dont know what is causing my dynamic Nat just to halt like that. My Nat configuration is as follows.

ethernet o/o

ip nat inside

ethernet o/1

ip nat inside

serial 0/1

ip nat inside

serial 0/0

ip nat outside


ip nat pool Internet_access X.X.X.80 X.X.X.83 prefix-length 24


ip nat inside source list 7 pool Internet_access overload


access-list 7 permit X.X.X.0 0.0.0.200


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
r-remien Thu, 03/28/2002 - 07:21
User Badges:

Have you tried just using PAT with only one IP address in the pool?. When you do a "sh ip nat tr", are there more than 4 internal addresses being translated?

RJ

dmalamba Thu, 03/28/2002 - 07:32
User Badges:

no i havent tried the pat command and i dont know how to use it

MickPhelps Thu, 03/28/2002 - 07:43
User Badges:

Your access-list looks very strange. I don't think it would cause things to work then stop... more likely some machines would never work and some would always work. DHCP could confuse the matter.


What is the mask you use on your internal machines? If its a /24, change your access-list to:

access-list 7 permit x.x.x.0 0.0.0.255


Also, using 4 addresses in an overload is a huge waste. PAT will cycle through the first address... roughly 64000 entries before it move on to the next.


Mick.


amdcent Thu, 03/28/2002 - 07:48
User Badges:

Just a question


How can I specify TCP port range for global inside or global outside address?

Actions

This Discussion