NAT ISSues

Kaushik Ray · ‎07-16-2014

I cannot see any entries on the NAT translations; anyone can advice please? for the .25 ip address but can see for the .1

ip access-list extended POLICYNAT
permit ip host 172.16.2.25 172.17.37.176 0.0.0.15
permit ip host 172.16.2.25 172.17.37.192 0.0.0.15
permit ip host 172.16.2.25 172.17.37.208 0.0.0.15
permit ip host 172.16.2.1 172.17.37.176 0.0.0.15
!

interface GigabitEthernet0/0
ip address 172.28.209.110 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto

interface GigabitEthernet0/1.10
encapsulation dot1Q 10
ip address 172.16.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly in

ip nat pool VPN 172.17.40.97 172.17.40.97 netmask 255.255.255.240

ip nat inside source list POLICYNAT pool VPN

Pro Inside global         Inside local          Outside local         Outside global
tcp 172.17.40.97:443      172.16.2.1:443        172.17.37.178:57012   172.17.37.178:57012
tcp 172.17.40.97:443      172.16.2.1:443        172.17.37.178:57014   172.17.37.178:57014
tcp 172.17.40.97:443      172.16.2.1:443        172.17.37.178:57015   172.17.37.178:57015
tcp 172.17.40.97:443      172.16.2.1:443        172.17.37.210:51106   172.17.37.210:51106
tcp 172.17.40.97:443      172.16.2.1:443        172.17.37.210:51115   172.17.37.210:51115
tcp 172.17.40.97:443      172.16.2.1:443        172.17.37.210:51129   172.17.37.210:51129
--- 172.17.40.97          172.16.2.1            ---                   ---

Any one knows why the issue is? tried a ping / traceroute from the .25 and it shows this

traceroute -s 172.16.2.25 172.17.37.210

traceroute to 172.17.37.210 (172.17.37.210), 30 hops max, 60 byte packets

1 172.16.2.1 (172.16.2.1) 1.733 ms 1.803 ms 1.908 ms

2 172.16.2.1 (172.16.2.1) 2.036 ms !H * *

Anyone can tell me where i may be going wrong!

Robert Falconer · ‎07-16-2014

Try adding the overload command to your entry:

ip nat inside source list POLICYNAT pool VPN overload