NAT translation failed

Unanswered Question

Hello,


NAT isn't working on a router after an IP addressing change. When I try to use NAT with nat debugging enabled, I get the following message in the logs:

NAT: translation failed (A), dropping packet s=local_ip d=remote_ip

On Cisco website, I found that "A" means the packets was dropped after routing process, but no useful information with this error message.


Configuration:


! Access-list 101 is used by NAT

! We deny packets directed to 192.168.2.0/24 through the NAT (they must go through an IPSec tunnel)

access-list 101 deny ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 101 permit ip 192.168.3.0 0.0.0.255 any


ip nat inside source list 101 interface ATM0.1 overload


interface Loopback0

ip address x.x.x.x 255.255.255.255

interface Ethernet0

ip address 192.168.3.254 255.255.255.0

ip nat inside

no cdp enable

hold-queue 100 out

interface ATM0

no ip address

no ip mroute-cache

load-interval 30

no atm ilmi-keepalive

dsl operating-mode auto

dsl power-cutback 0

hold-queue 224 in

interface ATM0.1 point-to-point

ip unnumbered Loopback0

ip nat outside

crypto map FOO

pvc 2/32

ubr 320

encapsulation aal5mux ip



additional informations:


#sh access-lists 101

Extended IP access list 101

deny ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255 (30027 matches)

permit ip 192.168.3.0 0.0.0.255 any (4521 matches)


#sh ip nat statistics

Total active translations: 0 (0 static, 0 dynamic; 0 extended)

Outside interfaces:

ATM0.1

Inside interfaces:

Ethernet0

Hits: 0 Misses: 0

Expired translations: 0

Dynamic mappings:

-- Inside Source

[Id: 1] access-list 101 interface ATM0.1 refcount 0


#sh ver

Cisco Internetwork Operating System Software

IOS (tm) C837 Software (C837-K9O3SY6-M), Version 12.2(8)YN, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

Synched to technology version 12.2(11.2u)T

TAC Support: http://www.cisco.com/tac

Copyright (c) 1986-2002 by cisco Systems, Inc.

Compiled Wed 30-Oct-02 15:28 by ealyon

Image text-base: 0x800131D8, data-base: 0x8097D1E8

ROM: System Bootstrap, Version 12.2(8r)YN, RELEASE SOFTWARE (fc1)

ROM: C837 Software (C837-K9O3SY6-M), Version 12.2(8)YN, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

uptime is 1 hour, 8 minutes

System returned to ROM by power-on

System image file is "flash:c837-k9o3sy6-mz.122-8.YN.bin"

CISCO C837 (MPC857DSL) processor (revision 0x200) with 29492K/3276K bytes of memory.

CPU rev number 7

Bridging software.

1 Ethernet/IEEE 802.3 interface(s)

1 ATM network interface(s)

128K bytes of non-volatile configuration memory.

8192K bytes of processor board System flash (Read/Write)

2048K bytes of processor board Web flash (Read/Write)

Configuration register is 0x2102

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion