Cisco Support Community
Community Member

C2900 inward NAT semi-success


Running C2900-UNIVERSALK8-M, Version 15.0(1)M3 RELEASE SOFTWARE (fc2)

I have several sets of inward NAT defined (51001-51007, 52001-52007, 53001-53007), all to various internal addresses. When I attempted to add another set, the new ones do not work and get a "timeout" error.

When I tried port 51008, it gets a timeout. When I changed 51008 to 51010, the 51010 now gets a timeout, and 51008 now gets "connection refused" (which I expect).

The original sets all work, the new ones (added at the end of the lists) do not.

When I am on any of the internal machines, the target ( works fine.

When I am "in the router", I can connect via the ssh command, so I know that the router can talk to on port 22 as expected.

I now have 33 "ip nat inside source static" lines (there were 30 before the new ones):

ip nat inside source list 1 interface GigabitEthernet0/0 overload

and all of the ip nat inside lines are of the form:

ip nat inside source static tcp 192.168.1.x 22 interface GigabitEthernet0/0 51xxx

where the x octet is per machine, the 22 is 22, 443 or 9234 and 51xxx is 51001-51007 or 52001-52007 or 53001-53007 and I have

access-list 1 permit

Have I overflowed some "default" limit?

The router shows things correctly (see below).



> show ip nat translations

Pro Inside global      Inside local        Outside local      Outside global

tcp     ---                ---

tcp    ---                ---

tcp   ---                ---


tcp     ---                ---

tcp    ---                ---

tcp   ---                ---
