[c-nsp] C876 - Forced to use NAT Virtual Interface

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Sat Mar 3 14:25:53 EST 2007 

Gaurav,

I'm not entirely sure about the environment. can you show the full
config and describe what you're trying to achieve? The presence of a
dialer and a virtual-access interface as NAT outside suggests that
you're already using NAT for a PPPoX connection, and also want to NAT
packets going into the L2TP tunnel?

	oli

Gaurav Sabharwal <> wrote on Wednesday, February 28, 2007 10:29 AM:

> Have a Cisco 876 router running 12.4(6)T6 IOS release and have noticed
> that classic NAT translation does not works. Below is the relevant
> configuration.
> 
> !
> interface Virtual-PPP1
>   ip address negotiated
>   ip nat outside
>   ip virtual-reassembly
>   fair-queue
>   no cdp enable
>   ppp authentication chap callin
>   ppp chap hostname testuser
>   ppp chap password 0 testpass
>   ppp direction callout
>   pseudowire 172.17.101.1 10 pw-class pwclass1
> !
> interface Vlan1
>   ip address 192.168.10.1 255.255.255.128
>   ip nat inside
>   ip virtual-reassembly
> !
> ip nat source static 192.168.10.1 10.10.0.17
> ip nat source static 192.168.10.2 10.10.0.18
> ip nat source static 192.168.10.3 10.10.0.19
> ip nat source static 192.168.10.4 10.10.0.20
> !
> 
> show classic NAT statistics
> 
> rtr# sh ip nat stat
> Total active translations: 0 (0 static, 0 dynamic; 0 extended)
> Outside interfaces:
>    Dialer1, Virtual-Access1
> 
> Inside interfaces:
>    Vlan1
> Hits: 0  Misses: 0
> CEF Translated packets: 0, CEF Punted packets: 0
> Expired translations: 0
> Dynamic mappings:
> 
> Queued Packets: 0
> 
> rtr# show ip nat stat
> Total active translations: 0 (0 static, 0 dynamic; 0 extended)
> Outside interfaces:
>    Dialer1, Virtual-Access1
> Inside interfaces:
>    Vlan1
> 
> Hits: 0  Misses: 0
> CEF Translated packets: 0, CEF Punted packets: 0
> Expired translations: 0
> Dynamic mappings:
> Queued Packets: 0
> 
> show stats for NVI
> 
> rtr# sh ip nat nvi stat
> Total active translations: 4 (4 static, 0 dynamic; 0 extended)
> NAT Enabled interfaces:
> 
> Hits: 0  Misses: 0
> CEF Translated packets: 0, CEF Punted packets: 0
> Expired translations: 0
> Dynamic mappings:
> 
> 
> rtr# show ip nat nvi trans
> Pro Source global      Source local       Destin  local      Destin 
> global 
> --- 10.10.0.17         192.168.10.1       ---                ---
> --- 10.10.0.18         192.168.10.2       ---                ---
> --- 10.10.0.19         192.168.10.3       ---                ---
> --- 10.10.0.20         192.168.10.4       ---                ---
> 
> Reading the documents, my understanding is that the NVI interface will
> be triggered when "ip nat enable" command is used on the interfaces.
> Anybody seen this issue or point the obvious thing that I am missing
> in the configuration?
> 
> Thanks,
> - Gaurav
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list