New Member

NAT trouble

Hi, I have inherited a system which I am trying to make work. It consists of two routers each with an ethernet and a bri. For some reason this very straightforward network has some NAT. I guess the NAT was configured as a workaround for some old legacy application and migration to a new network or something.

My problem is that the routers dial and ping each other OK without the NAT (removing 'ip nat outside' from dialer 2) but when this is put back on the traffic doesn't pass. Does the NAT pool address range need to match that of the bri at the receiving end? Am I missing some static routes for the pool address?

Help appreciated.

Router configs summarised with the interesting bits only!

Router1. (Dialing end)

eth 0

ip address 192.168.202.191/24

ip nat inside

dialer 2

ip address 192.128.0.50/24

ip nat outside

ip nat pool NATPOOL 192.168.0.112 192.168.0.112 netmask 255.255.255.0

ip nat inside source list 101 pool NATPOOL overload

ip classless

ip route 90.90.91.0 255.255.255.0 dialer 2

access-list 101 permit ip any any

Router 2 (Receiving end)

eth 0

ip address 90.90.91.216 /24

bri0

ip address 192.128.0.2/24

ip route 0.0.0.0 0.0.0.0 bri0

ip route 90.90.90.90 255.255.255.0 bri0 - not sure why this route is here.

3 REPLIES
Bronze

Re: NAT trouble

Routes look ok, you have a default at the far end. Are you pinging from the router or a pc on the inside when it works and doesn't work?

Try a sho ip nat trans and sh ip nat stat after pinging with the nat on. See if it's translating. Also try deb ip pack on the calling end and see what address the packets are going out with.

New Member

Re: NAT trouble

instead of using

access-list 101 permit ip any any

on router1, try this:-

#access-list 1 permit 192.168.202.0 0.0.0.255

then change IP nat inside source command to

#ip nat inside source list 1 pool NATPOOL overload

you can also leave out NATPOOL, just use:-

ip nat inside source list 1 interface dialer2 overload

hope this helps.

If not, try getting the following:-

sh ver

then these debugs:-

debug ip nat trans

debug ip nat trans detail

debug dialer

debug dialer packet

post the output, and let's have a look.

New Member

Re: NAT trouble

sorry.. forget about the leaving out NATPOOL part, I thought you were using the dialer ip to overload.. keep the NATPOOL in so the translation is done with 192.168.0.112
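An added example, not written by any poster in this thread: a Python sketch that applies IOS wildcard-mask matching to the two NAT source lists discussed above and does a longest-prefix lookup over Router 2's posted routes for the pool address 192.168.0.112. The function names are hypothetical, only the source part of access-list 101 is modelled, and the posted route 90.90.90.90 255.255.255.0 is assumed to mean the prefix 90.90.90.0/24.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """IOS ACL semantics: bits set in the wildcard mask are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

# access-list 1 permit 192.168.202.0 0.0.0.255 (suggested in the reply)
ACL_1 = [("192.168.202.0", "0.0.0.255")]
# access-list 101 permit ip any any; "any" is 0.0.0.0 255.255.255.255
ACL_101_SRC = [("0.0.0.0", "255.255.255.255")]

def selected_for_nat(src, acl):
    """True if the source list would hand this source address to NAT."""
    return any(wildcard_match(src, base, wc) for base, wc in acl)

# Router 2 routing table rebuilt from the posted summary (assumption:
# interface addresses imply the connected /24 prefixes).
ROUTER2_ROUTES = [
    ("90.90.91.0/24", "eth0 connected"),
    ("192.128.0.0/24", "bri0 connected"),
    ("0.0.0.0/0", "bri0 static default"),
    ("90.90.90.0/24", "bri0 static"),
]

def lookup(dst, routes):
    """Longest-prefix match; returns (prefix, exit) or None."""
    dst = ipaddress.IPv4Address(dst)
    best = None
    for prefix, via in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via)
    return best

if __name__ == "__main__":
    for src in ("192.168.202.10", "192.128.0.50"):
        print(src, "ACL 1:", selected_for_nat(src, ACL_1),
              "ACL 101:", selected_for_nat(src, ACL_101_SRC))
    for dst in ("192.168.0.112", "192.128.0.50"):
        print("Router 2 return path to", dst, "->", lookup(dst, ROUTER2_ROUTES))
```

The lookup shows what Router 2's posted routes do with a reply addressed to the pool address; it says nothing about whether Router 1 is actually translating, which is what the show and debug commands above are for.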
