
Cisco 6504. NAT -> Error in Allocating port

atelkin123
Level 1

Hi there.

I've made a NAT translation:

interface Vlan2
ip address 192.168.2.254 255.255.255.0
ip helper-address 192.168.1.1
ip nat inside
!
interface Vlan3
ip address 192.168.3.254 255.255.255.0
ip helper-address 192.168.1.1
ip nat inside
!
interface Vlan4
ip address 192.168.4.254 255.255.255.0
ip helper-address 192.168.1.1
ip nat inside
!
interface Vlan5
ip address 192.168.5.254 255.255.255.0
ip helper-address 192.168.1.1
ip nat inside
!
interface Vlan6
ip address 192.168.6.254 255.255.255.0
ip helper-address 192.168.1.1
ip nat inside
!
interface Vlan7
ip address 192.168.7.254 255.255.255.0
ip helper-address 192.168.1.1
ip nat inside
!
interface Vlan8
ip address 192.168.8.254 255.255.255.0
ip helper-address 192.168.1.1
ip nat inside
!
interface Vlan9
ip address 192.168.9.254 255.255.255.0
ip helper-address 192.168.1.1
ip nat inside
!
interface Vlan10
ip address 10.110.115.2 255.255.255.0
ip nat outside
!
interface Vlan255
ip address 192.168.0.1 255.255.255.0
!
no ip nat service skinny tcp port 2000
no ip nat service H225
ip nat inside source list 1 interface Vlan10 overload
ip nat inside source static tcp 192.168.9.254 23 10.110.115.2 23 extendable no-alias
ip nat inside source static tcp 192.168.1.1 3389 10.110.115.2 3389 extendable no-alias
ip classless
ip route 0.0.0.0 0.0.0.0 10.110.115.1
!
no ip http server
!
access-list 1 permit 192.168.1.35
access-list 1 permit 192.168.1.1
access-list 1 permit 192.168.9.254

ICMP packets are forwarded correctly.

But when I try to access the web:

3d20h: NAT: New Inside Entry: couldn't allocate port 1172 for 10.110.115.2 Protocol: 6
3d20h: NAT: translation failed (A), dropping packet s=192.168.1.1 d=93.158.134.8

I thought it was a bug in IOS, so I upgraded from s72033-ipservices_wan-mz.122-18.SXF15.bin to s72033-ipservices_wan-mz.122-18.SXF17.bin

But still the same error.

Can someone explain what I am doing wrong?

The show run output is in the attachment.

2 Replies

Ganesh Hariharan
VIP Alumni

Hi,

The "(A)" in the debug output means that translation failed after routing occurred.

Check out the link below; I hope it will help you solve your query.

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080094e75.shtml

As per your configuration, you are doing NAT for an access list that contains the IP address 192.168.1.1, but where is it coming from, and on which interface is it getting NAT inside?

Regards

Ganesh.H

Sorry, my bad when quoting.

I missed Vlan1 in the quoted config:

interface Vlan1
ip address 192.168.1.254 255.255.255.0
ip helper-address 192.168.1.1
ip nat inside

But the problem is still there.

If I remove

ip nat inside source static tcp 192.168.9.254 23 10.110.115.2 23 extendable
ip nat inside source static tcp 192.168.1.1 3389 10.110.115.2 3389 extendable

and leave only

ip nat inside source list 1 interface Vlan10 overload

NAT works quite fine.

But together, overload doesn't work, while access to ports 23 and 3389 is fully operational.

I thought it was bug CSCsj29841,

but the upgrade from s72033-ipservices_wan-mz.122-18.SXF15.bin to s72033-ipservices_wan-mz.122-18.SXF17.bin didn't help (

Guys, I am really in panic.
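
Added example, not part of any post in this thread: a small Python check for the two things the replies look at, namely whether every host in the NAT source ACL sits behind an interface marked `ip nat inside`, and which static port forwards publish a service on the same address the overload rule uses. The function name `audit` and the trimmed sample config are constructed for illustration; only single-host ACL entries are handled.

```python
import ipaddress
import re

# Constructed sample: a trimmed copy of the configuration quoted in the thread.
SAMPLE = """\
interface Vlan9
 ip address 192.168.9.254 255.255.255.0
 ip nat inside
!
interface Vlan10
 ip address 10.110.115.2 255.255.255.0
 ip nat outside
!
ip nat inside source list 1 interface Vlan10 overload
ip nat inside source static tcp 192.168.1.1 3389 10.110.115.2 3389 extendable no-alias
access-list 1 permit 192.168.1.35
access-list 1 permit 192.168.1.1
access-list 1 permit 192.168.9.254
"""

def audit(config):
    """Return (ACL hosts behind no NAT-inside interface, static forwards on the PAT address)."""
    nets, role, name = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)$", line):
            name = m.group(1)
        elif line == "!":
            name = None  # "!" closes the interface stanza
        elif name and (m := re.match(r"ip address (\S+) (\S+)$", line)):
            nets[name] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif name and (m := re.match(r"ip nat (inside|outside)$", line)):
            role[name] = m.group(1)
    # The overload (PAT) rule names the source ACL and the outside interface.
    pat = re.search(r"^ip nat inside source list (\S+) interface (\S+) overload", config, re.M)
    acl, out_if = pat.group(1), pat.group(2)
    # Only single-host ACL entries are handled, as in the thread's access-list 1.
    hosts = re.findall(rf"^access-list {re.escape(acl)} permit (\d+\.\d+\.\d+\.\d+)$", config, re.M)
    inside = [n.network for i, n in nets.items() if role.get(i) == "inside"]
    uncovered = [h for h in hosts if not any(ipaddress.ip_address(h) in n for n in inside)]
    # Static port forwards that publish a service on the same address PAT uses.
    glob = re.escape(str(nets[out_if].ip))
    statics = re.findall(rf"^ip nat inside source static (\S+) (\S+) (\d+) {glob} (\d+)", config, re.M)
    return uncovered, statics

if __name__ == "__main__":
    missing, forwards = audit(SAMPLE)
    print("ACL hosts with no matching 'ip nat inside' interface:", missing)
    print("Static forwards sharing the overload address:", forwards)
```

The second list is also a quick inventory of services (here RDP on 3389) reachable from the outside interface, which is worth reviewing on its own.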
