[c-nsp] NAT question.

Troy Beisigl troy at i2bnetworks.com
Sun Sep 16 13:08:10 EDT 2007 

I have a strange problem happening with NAT and am wondering if anyone here
might be able to help solve the problem. We have a cisco 2611 router
configured to do NAT of IP addresses on the 2 T1 serial interfaces to public
IP addresses on the Ethernet 0/0 interface. It seems to translate the IP
addresses of the serial interface itself but not the IP addresses of the
Ethernet interface on the router on the remote side of those T1s. Here are
the details of the network.

 

Office A connects to the Ethernet of router A (A cisco 1720). This router
has a T1 interface that connects to router C (A Cisco 2611) on T1 interface
S0/0. Router C is configured with ip nat inside on serial 0/0 and serial
0/1. Router C also is configured with ip nat outside on Ethernet 0/0.
packets from the Ethernet of Router A do not seem to get nat'd, however to
show up in the nat translations table. Packets from router A sourced from
the T1 interface do get nat'd. Router B is the same as router A except that
it is on a different internal IP block and has the same NAT problem.  Any
ideas on why these IP addresses are not getting NAT'd correctly?

 

Router A config:

 

!

interface Serial0

 description T1 Circuit ID: XXXXXXXX

 ip address 192.168.0.1 255.255.255.252

 down-when-looped

 service-module t1 timeslots 1-24

!

interface FastEthernet0

 ip address 10.2.0.1 255.255.255.0

 speed auto

!

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.0.2

no ip http server

!

!

 

 

Router C config:

 

interface Ethernet0/0

 ip address 66.X.A.97 255.255.255.224

 ip nat outside

 load-interval 30

 half-duplex

!

interface Serial0/0

 ip address 192.168.0.2 255.255.255.252

 ip nat inside

 load-interval 30

 no fair-queue

 service-module t1 clock source internal

 service-module t1 timeslots 1-24

!

interface Ethernet0/1

 no ip address

 shutdown

 half-duplex

!

interface Serial0/1

 ip address 192.168.0.6 255.255.255.252

 ip nat inside

 load-interval 30

 shutdown

 service-module t1 clock source internal

 service-module t1 timeslots 1-24

!

ip nat translation max-entries 15000

ip nat pool def_pool 66.X.A.99 66.X.A.99 netmask 255.255.255.224

ip nat inside source list 10 pool def_pool overload

ip classless

ip route 0.0.0.0 0.0.0.0 66.X.A.98

ip route 10.1.0.0 255.255.255.0 192.168.0.5

ip route 10.2.0.0 255.255.255.0 192.168.0.1

!

access-list 10 remark Internet Access List (NAT)

access-list 10 permit 10.1.0.0 0.0.0.255 log

access-list 10 permit 10.2.0.0 0.0.0.255 log

access-list 10 permit 192.168.0.0 0.0.0.255 log

!

Thanks,

Troy

More information about the cisco-nsp mailing list