Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Issue with NAT Both Directions, encapsulation failed

Hi, i need help, im trying to configure NAT for both directions (Source address an Destination Address).

I have 4 Networks.

Network A 172.16.25.0

IP ADDRESS NAT INSIDE B 172.16.111.124 OVERLOAD

IP ADDRESS of the HOST C 172.16.18.22

IP ADDRESS NAT OUTSIDE STATIC 10.24.137.3

When an IP of Network A is trying to reach an IP fo Network C, first the IP of Network A (Source) i have to change for one IP of Network B., after, the IP of Network C has to be natted for one IP of the Net D

Router

________

IP 172.16.25.79 to Reach 172.16.18.22 -->| NAT |--> 172.16.111.124 to reach 10.24.137.3

|________|

I have this Configuration

ip nat pool NAT_pool 172.16.111.124 172.16.111.124 netmask 255.255.255.128

ip nat inside source list Access_NAT pool NAT_pool overload

ip nat outside source static 10.24.137.3 172.16.18.22

ip classless

ip route 0.0.0.0 0.0.0.0 172.16.70.1

ip route 10.24.137.0 255.255.255.0 172.16.111.1

ip route 172.16.18.22 255.255.255.255 FastEthernet0/1.111

ip access-list extended Access_NAT

permit ip host 172.16.25.79 10.24.137.3 0.0.0.0

interface FastEthernet0/0

ip address 172.16.70.250 255.255.255.0

ip nat inside

duplex full

speed 100

interface FastEthernet0/1.111

encapsulation dot1Q 111

ip address 172.16.111.124 255.255.255.128

ip nat outside

no cdp enable

ip route 0.0.0.0 0.0.0.0 172.16.70.1

ip route 10.24.137.0 255.255.255.0 172.16.111.1

ip route 172.16.18.22 255.255.255.255 FastEthernet0/1.111

When i do tests i can reach the IP 172.16.18.22, but when i check sh ip nat translations

Pro Inside global Inside local Outside local Outside global

icmp 172.16.111.124:512 172.16.25.79:512 172.16.18.22:512 10.24.137.3:512

--- --- --- 172.16.18.22 10.24.137.3

and with the command sh ip packet i got this issue

*Jun 15 01:14:54.582: IP: s=172.16.111.124 (FastEthernet0/0), d=10.24.137.3 (FastEthernet0/1.111), g=10.24.137.3, len 60, forward

*Jun 15 01:14:54.582: IP: s=172.16.111.124 (FastEthernet0/0), d=10.24.137.3 (FastEthernet0/1.111), len 60, encapsulation failed

Anyone knows what is the cause that i cant reach the Destination IP???

2 REPLIES
New Member

Re: Issue with NAT Both Directions, encapsulation failed

Encapsulation failed means the router knows the interace but not the next hop MAC address. Since NAT order of operation from in to out is to route then NAT, I suspect the route for the outside local address is incorrect.

try changing,

ip route 172.16.18.22 255.255.255.255 FastEthernet0/1.111

to

ip route 172.16.18.22 255.255.255.255 172.16.111.1

refs:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_tech_note09186a00800a6057.shtml

and NAT order of operation

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml

HTH

Ross

New Member

Re: Issue with NAT Both Directions, encapsulation failed

Thanks, its working.

Just i only changed the route.

i did a ping to destination and it responded.

586
Views
0
Helpful
2
Replies