Cisco 2600 router configuration problem - router is performing port address translation, rather than network address translation using the natpool of internet addresses.
Posted on 2006-05-02
We have a relatively simple WAN/VPN setup, with a set of 2610 routers and one 1720 router, plus a PIX 515 at our main office behind another 2610. Recently, we've been getting notices from our ISP saying there is beagle worm traffic coming from a computer at one of our locations, and giving me an IP address to follow up with. Much to my chagrin, however, when I look at the ip nat translation table on the router, it appears to be doing port address translation, rather than network address translation, using the first IP address from the natpool (i.e. everyone is using the one address, even though we have some 200+ addresses in the natpool available). I'm looking for some help in remedying the config (which, incidentally, was originally configured by an outside vendor, so it's not my fault! :-) so that the router will begin using a unique address from the natpool for each PC going out to the internet. I've copied in below what I believe to be the applicable part of one config, hoping for some input on what needs changing. Thanks in advance!
ip nat pool Daytona-natpool-1 22.214.171.124 126.96.36.199 netmask 255.255.255.0
ip nat inside source route-map nonat pool Daytona-natpool-1 overload
The offending IP address being reported by our ISP is the 188.8.131.52 address, and if you look at the ip nat translation table on the router, everybody is using that address.
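While every host shares one translated address, an ISP notice can still be traced to an inside host by reading the translation table itself. The script below is an added example, not part of the original post: it parses `show ip nat translations` output, flags inside global addresses shared by several inside hosts, and counts translations per inside host for a reported address. The sample table, its addresses, and the function names are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed `show ip nat translations` output (documentation addresses, not
# the poster's): three overloaded (PAT) flows and one port-less one-to-one entry.
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.0.2.1:1024     10.1.1.10:1024     198.51.100.5:25    198.51.100.5:25
tcp 192.0.2.1:1025     10.1.1.11:3345     198.51.100.9:80    198.51.100.9:80
tcp 192.0.2.1:1026     10.1.1.10:1030     198.51.100.7:25    198.51.100.7:25
--- 192.0.2.7          10.1.1.12          ---                ---
"""

def split_addr(field):
    """Split 'ip:port' into (ip, port); port-less or '---' fields give port None."""
    ip, sep, port = field.partition(":")
    return ip, (int(port) if sep else None)

def parse(text):
    """Return one dict per translation row, skipping the header and blank lines."""
    rows = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5 or cols[0] == "Pro":
            continue
        g_ip, _ = split_addr(cols[1])
        l_ip, _ = split_addr(cols[2])
        _, d_port = split_addr(cols[4])
        rows.append({"global": g_ip, "local": l_ip, "dst_port": d_port})
    return rows

def overloaded(rows):
    """Inside global addresses shared by more than one inside host (PAT in use)."""
    hosts = defaultdict(set)
    for r in rows:
        hosts[r["global"]].add(r["local"])
    return {g: sorted(h) for g, h in hosts.items() if len(h) > 1}

def suspects(rows, reported_ip, dst_port=None):
    """Count translations per inside host behind the reported address.
    dst_port is an optional filter, assuming the notice names a destination port."""
    hits = Counter()
    for r in rows:
        if r["global"] == reported_ip and dst_port in (None, r["dst_port"]):
            hits[r["local"]] += 1
    return dict(hits)

if __name__ == "__main__":
    rows = parse(SAMPLE)
    print(overloaded(rows))
    print(suspects(rows, "192.0.2.1", dst_port=25))
```

In the configuration posted above, the `overload` keyword on the `ip nat inside source` line is what enables port address translation; without it, IOS assigns each inside host its own address from the pool. Dynamic translation entries time out, so the table has to be captured while the reported traffic is still active.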