Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAT ISSues

I cannot see any entries on the NAT translations; anyone can advice please? for the .25 ip address but can see for the .1

ip access-list extended POLICYNAT
 permit ip host 172.16.2.25 172.17.37.176 0.0.0.15
 permit ip host 172.16.2.25 172.17.37.192 0.0.0.15
 permit ip host 172.16.2.25 172.17.37.208 0.0.0.15
 permit ip host 172.16.2.1 172.17.37.176 0.0.0.15
!

interface GigabitEthernet0/0
 ip address 172.28.209.110 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto

interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
 ip address 172.16.2.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in

 

ip nat pool VPN 172.17.40.97 172.17.40.97 netmask 255.255.255.240

ip nat inside source list POLICYNAT pool VPN

 

Pro Inside global         Inside local          Outside local         Outside global
tcp 172.17.40.97:443      172.16.2.1:443        172.17.37.178:57012   172.17.37.178:57012
tcp 172.17.40.97:443      172.16.2.1:443        172.17.37.178:57014   172.17.37.178:57014
tcp 172.17.40.97:443      172.16.2.1:443        172.17.37.178:57015   172.17.37.178:57015
tcp 172.17.40.97:443      172.16.2.1:443        172.17.37.210:51106   172.17.37.210:51106
tcp 172.17.40.97:443      172.16.2.1:443        172.17.37.210:51115   172.17.37.210:51115
tcp 172.17.40.97:443      172.16.2.1:443        172.17.37.210:51129   172.17.37.210:51129
--- 172.17.40.97          172.16.2.1            ---                   ---

 

 

Any one knows why the issue is? tried a ping / traceroute from the .25 and it shows this

traceroute -s 172.16.2.25 172.17.37.210

traceroute to 172.17.37.210 (172.17.37.210), 30 hops max, 60 byte packets

 1  172.16.2.1 (172.16.2.1)  1.733 ms  1.803 ms  1.908 ms

 2  172.16.2.1 (172.16.2.1)  2.036 ms !H * *

Anyone can tell me where i may be going wrong!

1 REPLY
New Member

Try adding the overload

Try adding the overload command to your entry:

 

ip nat inside source list POLICYNAT pool VPN overload

20
Views
0
Helpful
1
Replies