[c-nsp] NAT issue on ASR1K

Brian Turnbow b.turnbow at twt.it
Tue Sep 4 10:31:21 EDT 2012


Hi


> -----Original Message-----
> From: Nasir Shaikh [mailto:nasir at nasirshaikh.com]
> Sent: Tuesday 4 September 2012 16:19
> To: Brian Turnbow; 'M.Ahsan Khan'; cisco-nsp at puck.nether.net
> Subject: RE: [c-nsp] NAT issue on ASR1K
> 
> Hi Brian,
> Thanks for your input.
> The router accepts the first two commands without any problem:
> ip nat inside source static tcp x.x.7.42 1720 interface Loopback12 1720
> ip nat inside source static tcp x.x.7.42 4001 interface Loopback12 4001
> 
> It is only when I try to configure the other two NAT statements (see below-
> notice that the last octet of the IL and interface representing the IG are
> different) using different IL and IG addresses but the same ports that it
> starts complaining.
> ip nat inside source static tcp x.x.7.43 1720 interface Loopback13 1720
> ip nat inside source static tcp x.x.7.43 4001 interface Loopback13 4001
> 
> I removed the first 2 NAT statements and configured the last 2 first - no
> problem. Tried putting the first 2 statements back again, same message.
> 
> Sh ip sockets does not show ports 1720 or 4001 at all.
> 
> Anyone able to try this on an ASR1K?

Mine works fine

asr1006-jn1(config)#ip nat inside source static tcp 10.1.1.1 1720 int loopback 0 1720
asr1006-jn1(config)#ip nat inside source static tcp 10.1.1.2 1720 int loopback 1 1720
asr1006-jn1(config)#

I see you have an old IOS; try to upgrade.

Brian


> 
> Regards
> 
> Nasir
> 
> -----Original Message-----
> From: Brian Turnbow [mailto:b.turnbow at twt.it]
> Sent: Tuesday 4 September 2012 16:06
> To: Nasir Shaikh; 'M.Ahsan Khan'; cisco-nsp at puck.nether.net
> Subject: RE: [c-nsp] NAT issue on ASR1K
> 
> Hi
> 
> > My inside local and inside global are unique addresses so the
> > extendable keyword doesn't seem to be the solution.
> > It is the port that the router is complaining about. Looks like it
> > does not want to use the same port again even if it is associated with a
> > separate IP address.
> >
> 
> 
> Actually the router is saying that it uses those ports ..
> 
> "%Port 1720 is being used by system"
> 
> Sh ip sockets will show that it is listening.
> You will need to make the port available for nat, for example by turning off
> h323.
> Or since it is an ASR you may look into the SBC (unified border element)
> stuff as well.
> 
> Brian
> 
> 
> 
> 
> 
> ---
> This e-mail is intended only for the addressee named above.
> As this e-mail may contain confidential or privileged information, if you
> are not the named addressee, you are not authorized to retain, read,
> copy or disseminate this message or any part of it.
> 
> Please consider your environmental responsibility before printing this
> e-mail.
