[c-nsp] Strange NAT Issue on 7200

Andy Saykao andy.saykao at staff.netspace.net.au
Wed Jan 28 01:15:07 EST 2009 

Hi there,
 
I'm trying to get NAT working on a Cisco 7204VXR (NPE-G1) but can not
see any NAT translations taking place on the router. Running
12.2(31)SB13 on the router.
 
[Internet] <- [7200 Router] <- [3560G Switch] <-- [LAN]
 
Here is the relevant NAT config on the router. It's almost identical to
the config we use on another 7200.
 
interface GigabitEthernet0/2
 description Connect to 3560G Switch:Gi0/9
 no ip address
 ip flow ingress
 load-interval 30
 media-type rj45
 speed 1000
 duplex full
 no negotiation auto
 no clns route-cache
!
interface GigabitEthernet0/2.13
 description NAT Outside Interface
 encapsulation dot1Q 13
 ip address 203.x.x.x 255.255.255.0
 ip nat outside
 ip flow ingress
!
interface GigabitEthernet0/2.12
 description NAT Inside Interface - Office Network
 encapsulation dot1Q 12
 ip address 172.16.70.1 255.255.255.0 secondary
 ip address 210.15.x.x 255.255.255.240
 ip nat inside
 ip flow ingress
 no cdp enable
!
interface GigabitEthernet0/2.999999
 description Test
 encapsulation dot1Q 999
 ip address 172.16.72.1 255.255.255.0
 ip nat inside
!
access-list 5 permit 172.16.70.0 0.0.0.255
access-list 5 permit 172.16.72.0 0.0.0.255
!
ip nat inside source list 5 interface GigabitEthernet0/2.13 overload
 
When I do a ping using the inside interface as the source address, I get
no NAT translations taking place.
 
7200#ping www.google.com source 172.16.70.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 66.249.89.147, timeout is 2 seconds:
Packet sent with a source address of 172.16.70.1
.....
Success rate is 0 percent (0/5)

7200#sh ip nat statistics
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Outside interfaces:
  GigabitEthernet0/2.13
Inside interfaces:
  GigabitEthernet0/2.12, GigabitEthernet0/2.999999
Hits: 0  Misses: 0
CEF Translated packets: 0, CEF Punted packets: 421379
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 3] access-list 5 interface GigabitEthernet0/2.13 refcount 0

7200#sh access-lists 5
Standard IP access list 5 (Compiled)
    10 permit 172.16.70.0, wildcard bits 0.0.0.255
    20 permit 172.16.72.0, wildcard bits 0.0.0.255

Any ideas?
 
Thanks.
 
Andy

This email and any files transmitted with it are confidential and intended
 solely for the use of the individual or entity to whom they are addressed. 
Please notify the sender immediately by email if you have received this 
email by mistake and delete this email from your system. Please note that
 any views or opinions presented in this email are solely those of the
 author and do not necessarily represent those of the organisation. 
Finally, the recipient should check this email and any attachments for 
the presence of viruses. The organisation accepts no liability for any 
damage caused by any virus transmitted by this email.

More information about the cisco-nsp mailing list