[c-nsp] NAT issue on ASR1K

Nasir Shaikh nasir at nasirshaikh.com
Tue Sep 4 10:19:18 EDT 2012 

Hi Brian,
Thanks for your input.
The router accepts the first two commands without any problem:
ip nat inside source static tcp x.x.7.42 1720 interface Loopback12 1720
ip nat inside source static tcp x.x.7.42 4001 interface Loopback12 4001

It is only when I try to configure the other two NAT statements (see below-
notice that the last octet of the IL and interface representing the IG are
different) using different IL and IG addresses but the same ports that it
starts complaining.
ip nat inside source static tcp x.x.7.43 1720 interface Loopback13 1720
ip nat inside source static tcp x.x.7.43 4001 interface Loopback13 4001

I removed the first 2 NAT statements and configured the last 2 first - no
problem. Tried putting the first 2 statements back again, same message.

Sh ip sockets does not show ports 1720 or 4001 at all.

Anyone able to try this on a ASR1K?

Regards

Nasir

-----Original Message-----
From: Brian Turnbow [mailto:b.turnbow at twt.it] 
Sent: dinsdag 4 september 2012 16:06
To: Nasir Shaikh; 'M.Ahsan Khan'; cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] NAT issue on ASR1K

Hi

> My inside local and inside global are unique addresses so the extendable
> keyword doesn't seem to be the solution.
> It is the port that the router is complaining about. Looks like it does
not
> want to use the same port again even if it is associated with a separate
IP
> address.
> 


Actually the router is saying that it uses those ports ..

"%Port 1720 is being used by system"

Sh ip sockets will show that it is listening.
You will need to make the port available for nat, for example by turing off
h323.
Or since it is  an ASR you may look into the SBC (unified border element)
stuff as well.

Brian





---
This e-mail is intended only for the addressee named above. 
As this e-mail may contain confidential or privileged information, 
if you are not the named addressee, you are not authorized to retain, read, 
copy or disseminate this message or any part of it.   
 
Please consider your environmental responsibility before printing this
e-mail.

More information about the cisco-nsp mailing list