Cisco Support Community
Community Member

NAT issue


I have a Cisco 1712 configured for NAT. The IOS is:-

Cisco IOS Software, C1700 Software (C1700-K9O3SY7-M), Version 12.3(14)T3, RELEASE SOFTWARE (fc2)

Private IP range configured is 192.168.1.x/24 & public IPs assigned /29.

Public IP range :- to (for example)

Natting is configured as :-

ip nat inside source list for_nat int loopback0 overload

NAT access-list:-

ip access-list extended for_nat

permit ip any

The problem is that in this situation, sometimes some of the private IPs will suddenly not be able to go outside for some time. For e.g., suddenly ip will not be able to go outside, but at the same time all the other IPs will be able to browse. But if I clear the NAT translations, then the IPs which were not able to go outside will now be able to browse.

Can anyone tell me if it's an IOS problem? Do I need to upgrade the IOS of the router, or is it something else?

I am thinking of doing NAT on a pool of public IPs instead of the interface IP (loopback 0).

But my concern is: will that solve the problem?

One more question is that currently 6 public IPs are assigned in the router as:-

int loopback0

ip add

Out of which the first 3 IPs, from 1.1 to 1.3, are used for port tunneling. So my concern is: can I create a pool of the remaining 3 public IPs (1.4 to 1.6) out of the above 6 IPs assigned to loopback0 & do overload on this pool as:-

ip nat pool NAT prefix-length 29

ip nat inside source list for_nat pool NAT overload

Will the above config work?

Can anybody help me with this ASAP?

Thanks in Advance.


Re: NAT issue


One problem you may be facing is that your NAT translation entries are not timing out quickly. You can reduce the timeouts using the following command:

'ip nat translation timeout'

As to your second query, there is no problem with creating a NAT pool with a subset of your assigned public IP addresses.

Hope that helps - pls rate the post if it does.


Community Member

Re: NAT issue

Hi Paresh,

Thank you very much for your help. I will try the command you mentioned above.

But I have 2 questions here:-

1. Do I need to upgrade IOS?

2. If I create a NAT pool of 3 public IPs & do NAT on that pool, why is only 1 IP out of that pool used every time for natting all the private IPs?

Is there any way to configure NAT in such a way that all the IPs in that NAT pool will be used at the same time? Because though I create a pool of IPs for natting, it will take any one IP randomly out of the pool & natting for all private IPs will be done on that single IP only.

This is just my question. I might have wrongly understood the NAT concept.


Re: NAT issue

Answers to your questions:

1. No, you don't

2. The reason is that you are using 'overload'. The router will keep using that one address until it reaches a point where it is not able to allocate any more ports from the address, at which point it will move to the next one. In reality, that possibility is quite unlikely.

Hope that helps - pls rate the post if it does.


Community Member

Re: NAT issue


No. It's still the same problem. Every time, after clearing the NAT translations, it seems that everything works fine for some time & then after some time the same thing happens again.

Does anybody have a solution? Please treat this as urgent.


Re: NAT issue

Could you post the output of 'sh ip nat translations' and the IP address of the host that is not able to connect? Pls try and get that output at the point when the problem occurs.
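
An added example, not part of the original thread or written by any of its participants: one way to summarise captured 'sh ip nat translations' output, counting the ports in use on each overloaded global address (the exhaustion condition described in the earlier reply) and checking whether the affected inside host has any entry. The addresses, sample output and function names are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample of 'show ip nat translations' output (documentation addresses).
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 203.0.113.4:1024   192.168.1.10:1024  198.51.100.7:80    198.51.100.7:80
tcp 203.0.113.4:1025   192.168.1.10:3312  198.51.100.7:443   198.51.100.7:443
udp 203.0.113.4:1026   192.168.1.11:53011 198.51.100.53:53   198.51.100.53:53
tcp 203.0.113.4:4001   192.168.1.12:4001  198.51.100.9:80    198.51.100.9:80
--- 203.0.113.1        192.168.1.2        ---                ---
"""

def split_addr(field):
    """'a.b.c.d:port' -> (ip, port); static entries carry no port."""
    ip, _, port = field.partition(":")
    return ip, int(port) if port else None

def parse_translations(text):
    """Turn each five-column translation row into a dict; skip the header."""
    entries = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5 or cols[0] == "Pro":
            continue
        g_ip, g_port = split_addr(cols[1])
        l_ip, l_port = split_addr(cols[2])
        entries.append({"proto": cols[0], "global_ip": g_ip, "global_port": g_port,
                        "local_ip": l_ip, "local_port": l_port})
    return entries

def summarise(entries, suspect_host):
    """Ports used per (global IP, protocol), entries per inside host, suspect's status."""
    ports = defaultdict(set)
    per_host = Counter()
    for e in entries:
        if e["global_port"] is None:  # static one-to-one entry, uses no PAT port
            continue
        ports[(e["global_ip"], e["proto"])].add(e["global_port"])
        per_host[e["local_ip"]] += 1
    return {
        "ports_in_use": {k: len(v) for k, v in ports.items()},
        "per_host": dict(per_host),
        "suspect_has_entry": per_host[suspect_host] > 0,
    }

if __name__ == "__main__":
    report = summarise(parse_translations(SAMPLE), "192.168.1.20")
    for key, value in report.items():
        print(key, value)
```
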


Community Member

Re: NAT issue

Hi Paresh,

Now the issue is fixed, but the unfortunate thing is that I couldn't diagnose the root cause. I just replaced the Cisco 1712 with another 1712 & that fixed the issue. It might be a problem with the IOS or the hardware itself.

Anyway, thank you very much for your help. I appreciate your help.
