Source address NAT ok for some addresses, not others

scott.dunn · ‎11-16-2005

I have, "ip nat inside source route-map my-map interface s0/0 overload".

The route-map refereces as ACL that permits three hosts, as follows:

route-map may-map

match ip these-hosts

ip access-list extended these-hosts

permit ip host 172.16.1.100 host 10.10.10.100

permit ip host 172.17.1.100 host 10.10.10.100

permit ip host 192.168.1.100 host 10.10.10.100

One observation: the 192.168.1.0 /24 is the network of the nat inside interface (fa0/0) and the address space of the third ACE in the ACL referenced in the route-map. This may or may not be related to the problem (I suspect it is).

Finally, the problem is that the two source addresses in the 172.NumberSpace are correctly nat'ed to the serial0/0 interface address, but the source address 192.168.1.100 (and others tested in that same class C address space) do NOT get NAT'ed.

Anyone have any thoughts as to what's going on?

sundar.palaniappan · ‎11-16-2005

NAT config looks good.

The only traffic that would be NATted from the 192.168.1.0/24 subnet is if it comes from 192.168.1.100 destined for host 10.10.10.100. Was the source traffic coming from another host on the 192.168.1.0/24 subnet. In that case, you would have to reconfigure the 3rd ACL statement to permit the whole subnet.

If you still have problems, can you post the router config and show ip nat transalations.

scott.dunn · ‎11-16-2005

Please pardon the several typo's in the text :\

gaurav.prakash · ‎11-17-2005

do you see any counters for 3rd entry in ACl. Plz use

sh access-list these-host