Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

3925E Wont Adress translate

Hello i have a couple of 3925E routers running HSRP both internaly and externaly.

I cant get them to NAT the traffic though. They just route it out.

I also tried to connect via VPN to se if that worked and it didnt.

Im poundering where im going wrong with this.

Here is the relevant config.

Router1.

interface Port-channel1.62

encapsulation dot1Q 62

ip address 10.56.0.3 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip accounting output-packets

ip nat inside

ip virtual-reassembly in

standby version 2

standby 12 ip 10.56.0.1

standby 12 priority 110

standby 12 preempt

interface Port-channel1.63

description $FW_OUTSIDE$

encapsulation dot1Q 63

ip address x.x.x.135 255.255.255.128

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ip virtual-reassembly in

standby 1 ip 193.182.225.134

standby 1 timers msec 500 2

standby 1 priority 110

standby 1 preempt

interface Port-channel1.64

description $FW_DMZ$

encapsulation dot1Q 64

ip address 10.56.2.2 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly in

standby 2 ip 10.56.2.1

standby 2 timers msec 500 1

standby 2 priority 110

standby 2 preempt

interface Virtual-Template1 type tunnel

ip unnumbered Port-channel1.63

ip nat inside

ip virtual-reassembly in

tunnel mode ipsec ipv4

tunnel protection ipsec profile CiscoCP_Profile1

ip nat pool Dynamic x.x.x.137 x.x.x.139 netmask 255.255.255.252

ip nat inside source list 1 pool Dynamic

access-list 1 permit 10.56.2.0 0.0.0.255 log

access-list 1 permit 192.168.46.0 0.0.0.255 log

access-list 1 permit 192.168.40.0 0.0.0.255 log

access-list 1 permit 192.168.49.0 0.0.0.255 log

access-list 1 permit 10.56.0.0 0.0.0.255 log

access-list 1 permit 10.56.1.0 0.0.0.255 log

Router 2

interface Port-channel1.62

encapsulation dot1Q 62

ip address 10.56.0.2 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip accounting output-packets

ip flow ingress

ip nat inside

ip virtual-reassembly in

standby version 2

standby 12 ip 10.56.0.1

standby 12 preempt

!

interface Port-channel1.63

description $FW_OUTSIDE$

encapsulation dot1Q 63

ip address x.x.x.136 255.255.255.128

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ip virtual-reassembly in

standby 1 ip 193.182.225.134

standby 1 timers msec 500 2

standby 1 preempt

!

interface Port-channel1.64

description $FW_DMZ$

encapsulation dot1Q 64

ip address 10.56.2.3 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly in

standby 2 ip 10.56.2.1

standby 2 timers msec 500 1

standby 2 preempt

interface Virtual-Template2 type tunnel

ip unnumbered GigabitEthernet0/0

ip nat inside

ip virtual-reassembly in

tunnel mode ipsec ipv4

tunnel protection ipsec profile CiscoCP_Profile2

ip nat pool Dynamic x.x.x.137 x.x.x.139 netmask 255.255.255.252

ip nat inside source list 1 pool Dynamic

access-list 1 permit 10.56.2.0 0.0.0.255 log

access-list 1 permit 192.168.46.0 0.0.0.255 log

access-list 1 permit 192.168.40.0 0.0.0.255 log

access-list 1 permit 192.168.49.0 0.0.0.255 log

access-list 1 permit 10.56.1.0 0.0.0.255 log

access-list 1 permit 10.56.0.0 0.0.0.255 log

I cant get it to NAT. Im pressuming im doing something wrong but im lost as to what.

Everyone's tags (2)
3 REPLIES

Re: 3925E Wont Adress translate

Iam not sure if nat inside and outside will work using same interface with sub-interfaces !!

You can try to use NAT on stick and see if dose fix your issue

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094430.shtml

Hope this help

Sent from Cisco Technical Support iPhone App

New Member

Re: 3925E Wont Adress translate

Hummm changed the external interface to a physical port on both routers still the same thing.

It refuses to NAT im poundering bug or something. Any1 else with some tips? Am i doing something obviously wrong or what gives...

New Member

Re: 3925E Wont Adress translate

Hello.

Tried some more things.

When i change so that i have one adress in the dynamic pool that matches the Virtual ip of the HSRP cluster it seems that my NAT starts to work.

Seems that i cannot translate to different adresses dynamicly when using HSRP? Someone recognise this issue?

655
Views
0
Helpful
3
Replies
CreatePlease login to create content