Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAT in Transition

3640 router version 12.3

We have most of our machines on a class C network. We have a DMZ setup with static NAT addresses. We are running low on the class C network IP addresses so would like to transition to NAT overload (PAT).

The commands I am using are:

ip nat pool ptinat 198.17.220.118 198.17.220.118 netmask 255.255.255.0

ip nat inside source list 20 pool ptinat overload

access-list 20 permit 172.28.0.0 0.0.255.255

I also put the following on the interface FastEthernet0/0

ip address 198.17.220.118 255.255.255.0 secondary

Once I have done this the 198.17.220.0 and the 172.28.0.0 networks cannot talk to each other.

Any ideas?

6 REPLIES

Re: NAT in Transition

the 198.17.220.0 and the 172.28.0.0 networks cannot talk to each other because you did PAT.

Only hosts from 172.28.0.0 can have an access to hosts in 198.17.220.0.

New Member

Re: NAT in Transition

I am logged into the 172.28.0.0 host.

If I ping 198.17.220.0 host it is successful

If I traceroute 198.17.220.0 host it is succesfull

If I ssh to 198.17.220.0 host, it comes back with:

debug1: Connecting to 198.17.220.131 [198.17.220.131] port 22.

debug1: Connection established.

debug1: identity file /root/.ssh/identity type -1

debug1: identity file /root/.ssh/id_rsa type -1

debug1: identity file /root/.ssh/id_dsa type -1

ssh_exchange_identification: read: Connection reset by peer

If I turn NAT off, I can this same ssh will be successful.

I am grateful for any help you can give me.

Thank you.

Re: NAT in Transition

Could you show all parts of your config related to NAT/PAT?

New Member

Re: NAT in Transition

I am a bit nervous about putting too much of the config out on the network.Does this help at all?

interface FastEthernet0/0

ip address 198.17.220.118 255.255.255.0 secondary

ip address 198.17.x.x 255.255.255.0

ip broadcast-address 198.17.220.255

ip nat outside

!

interface FastEthernet3/1

description PTI TESTING NAT

ip address 172.28.0.100 255.255.0.0

ip broadcast-address 172.28.0.255

ip nat inside

!

ip nat pool ptinat 198.17.220.118 198.17.220.118 netmask 255.255.255.0

ip nat inside source list 20 pool ptinat overload

access-list 20 permit 172.28.0.0 0.0.255.255

Re: NAT in Transition

remove this line from the config

ip address 198.17.220.118 255.255.255.0 secondary

and try again

New Member

Re: NAT in Transition

Sorry to say it did not make any difference to have the secondary interface removed.

150
Views
0
Helpful
6
Replies