Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
466
Views
0
Helpful
4
Replies

NAT Problem

dmalamba
Level 1
Level 1

‎03-28-2002 03:27 AM - edited ‎03-01-2019 09:03 PM

I have a 2611 router which I use for internet connection. I have 4 administratively up interfaces. Ian using NAT inside for the three inside interfaces and and NAT outside for the Internet connection interface. I have a pool of 4 legal ip addresses which I overload with about 100 illegal internal IP addresses. Once i permit these illegal ip addresses access I get connection to the internet. After some hours this translation no longer takes effect. I try to clear the translation and restart my internet nothing happens and the translations do not take effect. If I use 1-1 static NAT the internet commes back. So I dont know what is causing my dynamic Nat just to halt like that. My Nat configuration is as follows.

ethernet o/o

ip nat inside

ethernet o/1

ip nat inside

serial 0/1

ip nat inside

serial 0/0

ip nat outside

ip nat pool Internet_access X.X.X.80 X.X.X.83 prefix-length 24

ip nat inside source list 7 pool Internet_access overload

access-list 7 permit X.X.X.0 0.0.0.200

Labels:
0 Helpful
4 Replies 4

r-remien
Level 1
Level 1

‎03-28-2002 07:21 AM

Have you tried just using PAT with only one IP address in the pool?. When you do a "sh ip nat tr", are there more than 4 internal addresses being translated?

RJ

0 Helpful

dmalamba
Level 1
Level 1
In response to r-remien

‎03-28-2002 07:32 AM

no i havent tried the pat command and i dont know how to use it

0 Helpful

MickPhelps
Level 1
Level 1

‎03-28-2002 07:43 AM

Your access-list looks very strange. I don't think it would cause things to work then stop... more likely some machines would never work and some would always work. DHCP could confuse the matter.

What is the mask you use on your internal machines? If its a /24, change your access-list to:

access-list 7 permit x.x.x.0 0.0.0.255

Also, using 4 addresses in an overload is a huge waste. PAT will cycle through the first address... roughly 64000 entries before it move on to the next.

Mick.

0 Helpful

amdcent
Level 1
Level 1
In response to MickPhelps

‎03-28-2002 07:48 AM

Just a question

How can I specify TCP port range for global inside or global outside address?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents