Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

NAT Problem

I have a 2611 router which I use for internet connection. I have 4 administratively up interfaces. Ian using NAT inside for the three inside interfaces and and NAT outside for the Internet connection interface. I have a pool of 4 legal ip addresses which I overload with about 100 illegal internal IP addresses. Once i permit these illegal ip addresses access I get connection to the internet. After some hours this translation no longer takes effect. I try to clear the translation and restart my internet nothing happens and the translations do not take effect. If I use 1-1 static NAT the internet commes back. So I dont know what is causing my dynamic Nat just to halt like that. My Nat configuration is as follows.

ethernet o/o

ip nat inside

ethernet o/1

ip nat inside

serial 0/1

ip nat inside

serial 0/0

ip nat outside

ip nat pool Internet_access X.X.X.80 X.X.X.83 prefix-length 24

ip nat inside source list 7 pool Internet_access overload

access-list 7 permit X.X.X.0 0.0.0.200

4 REPLIES
Community Member

Re: NAT Problem

Have you tried just using PAT with only one IP address in the pool?. When you do a "sh ip nat tr", are there more than 4 internal addresses being translated?

RJ

Community Member

Re: NAT Problem

no i havent tried the pat command and i dont know how to use it

Community Member

Re: NAT Problem

Your access-list looks very strange. I don't think it would cause things to work then stop... more likely some machines would never work and some would always work. DHCP could confuse the matter.

What is the mask you use on your internal machines? If its a /24, change your access-list to:

access-list 7 permit x.x.x.0 0.0.0.255

Also, using 4 addresses in an overload is a huge waste. PAT will cycle through the first address... roughly 64000 entries before it move on to the next.

Mick.

Community Member

Re: NAT Problem

Just a question

How can I specify TCP port range for global inside or global outside address?

220
Views
0
Helpful
4
Replies
CreatePlease to create content