[c-nsp] strange NAT problem on 1 link only.

troy at i2bnetworks.com troy at i2bnetworks.com
Thu Oct 23 03:12:05 EDT 2008 

Hi,

We have a customer that has multiple sites all connecting back to their
router in our colo. All the T1 and multilink T1 locations work just fine.
The one site that does not seem to have NAT working correctly is the one
on a T3. Each and every site is configured the same way with their own /24
private IP addresses and a /30 on the link between that location and the
colo router. Nat is done on the colo router (A 7206) on interface fa0/0.
Each of the serial interfaces or multilink interfaces are configured with
"ip nat inside" on the 7206. Interface fa0/0 is configured with "ip nat
outside".

Now here is the problem, any and all traffic coming from a site on a T1 or
multilink bundle of T1s to the internet (fa0/0) work just fine. Traffic
gets NAT'd, but traffic from the site that is on a T3, will not nat for
any reason. I have taken this T3 site and moved them onto T1s and moved
all their interface IP addresses and their LAN ip addresses and they work
fine. I move them back onto the T3 and they do not work. I moved them to a
different T3 port and they still do not nat. The 7206 is using a PA-2T3
for their connection and a PA-MC-T3 for the T1 connections.

Has anyone seen this and if so, How do you fix it? All routers are Cisco
and the 7206 was just upgraded to 12.3(14).

Here is the config parts for both working and non working NAT sites.

!
interface Multilink7
 description QUAD T1 circuit to RMO
 ip address 172.20.1.85 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 no ip route-cache cef
 load-interval 30
 no cdp enable
 ppp authorization sint
 ppp multilink
 ppp multilink fragment disable
 ppp multilink links maximum 4
 ppp multilink links minimum 1
 ppp multilink group 7
!
interface FastEthernet0/0
 description 100M ethernet circuit to internet.
 ip address x.x.x.x 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 duplex full
!
!
interface Serial5/0/4:0
 description T1 to MP on S0
 ip address 172.20.1.73 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 encapsulation ppp
 down-when-looped
 ppp authorization sint
!
!
interface Serial6/1
 description DS3 to RLJ
 ip address 172.20.1.65 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 encapsulation ppp
 load-interval 30
 dsu bandwidth 44210
 framing c-bit
 cablelength 10
 down-when-looped
 serial restart-delay 0
 ppp authorization sint
!
ip route 10.0.0.0 255.255.255.0 172.20.1.66
ip route 192.168.33.0 255.255.255.0 172.20.1.86
ip route 192.168.22.0 255.255.255.0 172.20.1.74
!
ip nat translation max-entries 15000
ip nat pool def_pool x.x.x.65 x.x.x.65 netmask 255.255.255.240
ip nat inside source list 10 pool def_pool overload
!
access-list 10 remark Internet Access List (NAT)
access-list 10 permit 172.16.0.0 0.0.255.255 log
access-list 10 permit 172.20.0.0 0.0.255.255 log
access-list 10 permit 192.168.20.0 0.0.0.255 log
access-list 10 permit 192.168.254.0 0.0.0.255 log
access-list 10 permit 192.168.255.0 0.0.0.255 log
access-list 10 permit 192.168.0.0 0.0.255.255 log
access-list 10 permit 192.9.200.0 0.0.0.255 log
access-list 10 permit 10.0.0.0 0.0.255.255 log
!

More information about the cisco-nsp mailing list