Cisco 1721 - Losing Nat connection

Posted on 2014-12-03
Last Modified: 2015-01-15
Hi, I have a /29 IP address block. I am configuring my Cisco router to be able to do NAT. What happens is that when I do the following config:

no ip http server
ip nat pool nat 66.196.xxx.126 66.196.111.130 netmask 255.255.255.248
ip nat inside source list 1 pool nat overload
ip nat inside source static 192.168.10.4 66.196.xxx.127
ip nat inside source static 192.168.10.5 66.196.xxx.128
ip nat inside source static 192.168.10.6 66.196.xxx.129
ip nat inside source static 192.168.10.7 66.196.xxx.130

When I save this config and do a show run, only one static address is configured; the rest of the static configs are not there. Why is this? What can I do to resolve this problem?

Thank you,
a
Question by:aej1973

Expert Comment

by:Craig Beck
ID: 40480559
You don't need to use the pool if you're doing static mappings.

Author Comment

by:aej1973
ID: 40480685
Craig, in that case how do I rewrite the following line
ip nat pool nat 66.196.xxx.126 66.196.111.130 netmask 255.255.255.248 ?

Thank you

Expert Comment

by:Deepak Mittal
ID: 40480965
Could you please send the full config?

Accepted Solution

by:
Craig Beck earned 2000 total points
ID: 40480991
> Craig, in that case how do I rewrite the following line
> ip nat pool nat 66.196.xxx.126 66.196.111.130 netmask 255.255.255.248 ?
You don't need to.

If I'm understanding what you're wanting to do, you want to give 4 internal hosts a dedicated IP address on the public side of your router?

You have done this by creating a static NAT entry.

I'm assuming you used .126 for the WAN interface?  Therefore the following line:
ip nat inside source list 1 pool nat overload
would be changed to read...
ip nat inside source list 1 interface <WAN_INTERFACE> overload

Replace <WAN_INTERFACE> with whatever your WAN interface actually is.

When you use a block of addresses like this you don't have to actually tell the router that they're there.  The subnet mask will tell the router that it is on that subnet, then the static NAT entries tell the router that it owns those particular IP addresses.

If you want to NAT-Overload outbound connections in a round-robin fashion by using all your public IPs in a pool you would need to use the pool (as you have already) but I'm guessing that's not what you want.  What this would do is send one connection out using .126, then another connection out using .127, etc, etc.

Author Comment

by:aej1973
ID: 40481653
Craig, my config is exactly what you have stated. I just need all my network traffic to go out of .126 and I am going to NAT 4 of my routers in my LAN via addresses .127 to .130. Yes, .126 is my WAN interface.

When I run the command you mentioned,
#ip nat inside source list 1 interface 66.196.xxx.126
I get the following error:

% Invalid input detected at '^' marker.

Where the marker points to the word 'inside'. What could be the problem?

Thanks for the help.

A

Author Comment

by:aej1973
ID: 40483612
I was able to map the interface. I am running some tests and will keep you posted. Thank you very much for the help!

A

Author Closing Comment

by:aej1973
ID: 40551062
Thanks Craig, this solution worked.

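An added example, not part of the original thread: a small Python check for the two conditions the accepted answer addresses, static NAT global addresses that also sit inside an overload pool, and an IP address given where `interface` expects the WAN interface name. The sample config is constructed, with the documentation range 203.0.113.8/29 standing in for the poster's redacted block, and `lint_nat` is a hypothetical helper name.

```python
import ipaddress
import re

# Constructed sample modelled on the question's config; 203.0.113.8/29 is a
# documentation range standing in for the poster's redacted /29 (assumption).
SAMPLE = """\
ip nat pool nat 203.0.113.9 203.0.113.14 netmask 255.255.255.248
ip nat inside source list 1 pool nat overload
ip nat inside source static 192.168.10.4 203.0.113.10
ip nat inside source static 192.168.10.5 203.0.113.11
ip nat inside source list 1 interface 203.0.113.9 overload
"""

POOL = re.compile(r"^ip nat pool (\S+) (\S+) (\S+) (?:netmask|prefix-length) \S+")
STATIC = re.compile(r"^ip nat inside source static (\S+) (\S+)")
IFACE = re.compile(r"^ip nat inside source list \S+ interface (\S+)")

def is_ip(token):
    """True if the token parses as an IP address (so it is not an interface name)."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def lint_nat(config):
    """Return (line_number, message) findings for the NAT statements in config."""
    pools, findings = {}, []
    lines = [line.strip() for line in config.splitlines()]
    for line in lines:  # first pass: collect every pool's start/end address
        m = POOL.match(line)
        if m:
            pools[m.group(1)] = tuple(map(ipaddress.ip_address, m.group(2, 3)))
    for n, line in enumerate(lines, 1):  # second pass: check statics and overload
        m = STATIC.match(line)
        if m:
            glob = ipaddress.ip_address(m.group(2))
            for name, (lo, hi) in pools.items():
                if lo <= glob <= hi:
                    findings.append((n, f"static global {glob} is inside pool '{name}'"))
        m = IFACE.match(line)
        if m and is_ip(m.group(1)):
            findings.append((n, f"'interface' expects an interface name, got {m.group(1)}"))
    return findings

if __name__ == "__main__":
    for n, msg in lint_nat(SAMPLE):
        print(f"line {n}: {msg}")
```

Addresses with redacted octets, as posted in the question, have to be filled in before the config is passed to the check.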