Solved

Cisco 1721 - Losing Nat connection

Posted on 2014-12-03
7
132 Views
Last Modified: 2015-01-15
Hi, I have a /29 ip address block. I am configuring my cisco router to be able to do NAT, what happens is that when I do the following config:

no ip http server
ip nat pool nat 66.196.xxx.126 66.196.111.130 netmask 255.255.255.248
ip nat inside source list 1 pool nat overload
ip nat inside source static 192.168.10.4 66.196.xxx.127
ip nat inside source static 192.168.10.5 66.196.xxx.128
ip nat inside source static 192.168.10.6 66.196.xxx.129
ip nat inside source static 192.168.10.7 66.196.xxx.130

when I save this confg and do a show run, only one static address is configured the rest of the static configs are not there, why is this? What can I do to resolve this problem?

Thank you,
a
0
Comment
Question by:aej1973
  • 4
  • 2
7 Comments
 
LVL 45

Expert Comment

by:Craig Beck
ID: 40480559
You don't need to use the pool if you're doing static mappings.
0
 

Author Comment

by:aej1973
ID: 40480685
Craig, in that case how do I rewrite the following line
ip nat pool nat 66.196.xxx.126 66.196.111.130 netmask 255.255.255.248 ?

Thank you
0
 

Expert Comment

by:Deepak Mittal
ID: 40480965
Could you please send the full config?
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 45

Accepted Solution

by:
Craig Beck earned 500 total points
ID: 40480991
Craig, in that case how do I rewrite the following line
ip nat pool nat 66.196.xxx.126 66.196.111.130 netmask 255.255.255.248 ?
You don't need to.

If I'm understanding what you're wanting to do, you want to give 4 internal hosts a dedicated IP address on the public side of your router?

You have done this by creating a static NAT entry.

I'm assuming you used .126 for the WAN interface?  Therefore the following line:
ip nat inside source list 1 pool nat overload
would be changed to read...
ip nat inside source list 1 interface <WAN_INTERFACE> overload

Open in new window


Replace <WAN_INTERFACE> with whatever is your WAN interface actually is.

When you use a block of addresses like this you don't have to actually tell the router that they're there.  The subnet mask will tell the router that it is on that subnet, then the static NAT entries tell the router that it owns those particular IP addresses.

If you want to NAT-Overload outbound connections in a round-robin fashion by using all your public IPs in a pool you would need to use the pool (as you have already) but I'm guessing that's not what you want.  What this would do is send one connection out using .126, then another connection out using .127, etc, etc.
0
 

Author Comment

by:aej1973
ID: 40481653
Craig, my config is exactly what you have stated. I just need all my network traffic to go out of .126 and I am going to NAT 4 of my routers in my LAN via addresses .127 to 130. Yes, .126 is my WAN interface.

When I run the command you mentioned,
#ip nat inside source list 1 interface 66.196.xxx.126 I get the following error:

% Invalid input detected at '^' marker.
 
Where the marker point to the word 'inside". What could be the problem?

Thanks for the help.

A
0
 

Author Comment

by:aej1973
ID: 40483612
I was able to map the interface. I am running some test and will keep you posted. Thank you very much for the help!

A
0
 

Author Closing Comment

by:aej1973
ID: 40551062
Thanks Craig, this solution worked.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Transit network 1 28
2/29/2016 - is this date causing computer problems? 4 38
WOL takes a three day weekend 32 81
HP Networking 1 154
When replacing some switches recently I started playing with the idea of having admins authenticate with their domain accounts instead of having local users on all switches all over the place. Since I allready had an w2k8R2 NPS running for my acc…
David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now