[nsp] Troubleshooting NAT Failure

Sean Mathias seanm at prosolve.com
Sat May 22 16:50:09 EDT 2004 

I am seeing the following NAT failure on an edge router:

*Mar  1 00:09:51.059: NAT: s=69.2.200.182,
d=63.225.xxx.140->192.168.100.140 [53882]
*Mar  1 00:09:51.063: IP: s=69.2.200.182 (FastEthernet0/1),
d=192.168.100.140 (Ethernet1/0), g=192.168.0.1, len 58, forward
*Mar  1 00:09:51.063: NAT: s=69.2.200.182,
d=63.225.xxx.140->192.168.100.140 [53883]
*Mar  1 00:09:51.067: IP: s=69.2.200.182 (FastEthernet0/1),
d=192.168.100.140 (Ethernet1/0), g=192.168.0.1, len 58, forward
*Mar  1 00:09:51.067: NAT: s=69.2.200.182,
d=63.225.xxx.140->192.168.100.140 [53884]
*Mar  1 00:09:51.071: IP: s=69.2.200.182 (FastEthernet0/1),
d=192.168.100.140 (Ethernet1/0), g=192.168.0.1, len 58, forward
*Mar  1 00:09:51.071: NAT: s=69.2.200.182,
d=63.225.xxx.140->192.168.100.140 [53885]
*Mar  1 00:09:51.075: IP: s=69.2.200.182 (FastEthernet0/1),
d=192.168.100.140 (Ethernet1/0), g=192.168.0.1, len 58, forward
*Mar  1 00:09:51.075: NAT: s=69.2.200.182,
d=63.225.xxx.140->192.168.100.140 [53886]
*Mar  1 00:09:51.079: IP: s=69.2.200.182 (FastEthernet0/1),
d=192.168.100.140 (Ethernet1/0), g=192.168.0.1, len 62, forward
*Mar  1 00:09:51.079: NAT: s=69.2.200.182,
d=63.225.xxx.140->192.168.100.140 [53887]
*Mar  1 00:09:51.083: IP: s=69.2.200.182 (FastEthernet0/1),
d=192.168.100.140 (Ethernet1/0), g=192.168.0.1, len 58, forward
*Mar  1 00:09:51.083: NAT: s=69.2.200.182,
d=63.225.xxx.140->192.168.100.140 [53888]
*Mar  1 00:09:51.083: IP: s=69.2.200.182 (FastEthernet0/1),
d=192.168.100.140 (Ethernet1/0), g=192.168.0.1, len 61, forward
*Mar  1 00:09:51.087: NAT: s=192.168.100.140->63.225.xxx.140,
d=69.2.200.182 [1064]
*Mar  1 00:09:51.087: NAT: translation failed (A), dropping packet
s=63.225.xxx.140 d=69.2.200.182

Traffic gets translated, routes inside, back out, and fails translation
at the egress interface (same interface it entered on).  The only
reference I can find on CCO is to enable ip subnet-zero, it already is.
I have tried most everything I can think of, troubleshooting tools
(debugs) seem pretty limited for NAT.  Anyone have any ideas or
suggestions?

Sean Mathias
CCIE #12779
206-920-0301
seanm at prosolve.com

More information about the cisco-nsp mailing list