• Status: Solved

Cisco 1721 - Losing NAT connection

Hi, I have a /29 IP address block. I am configuring my Cisco router to be able to do NAT; what happens is that when I do the following config:

no ip http server
ip nat pool nat 66.196.xxx.126 66.196.111.130 netmask 255.255.255.248
ip nat inside source list 1 pool nat overload
ip nat inside source static 192.168.10.4 66.196.xxx.127
ip nat inside source static 192.168.10.5 66.196.xxx.128
ip nat inside source static 192.168.10.6 66.196.xxx.129
ip nat inside source static 192.168.10.7 66.196.xxx.130

When I save this config and do a show run, only one static address is configured; the rest of the static configs are not there. Why is this? What can I do to resolve this problem?

Thank you,
a
0
aej1973
 
Craig Beck Commented:
You don't need to use the pool if you're doing static mappings.
0
 
aej1973 (Author) Commented:
Craig, in that case how do I rewrite the following line
ip nat pool nat 66.196.xxx.126 66.196.111.130 netmask 255.255.255.248 ?

Thank you
0
 
Deepak Mittal (Manager) Commented:
Could you please send the full config?
0
 
Craig Beck Commented:
> Craig, in that case how do I rewrite the following line
> ip nat pool nat 66.196.xxx.126 66.196.111.130 netmask 255.255.255.248 ?

You don't need to.

If I'm understanding what you're wanting to do, you want to give 4 internal hosts a dedicated IP address on the public side of your router?

You have done this by creating a static NAT entry.

I'm assuming you used .126 for the WAN interface?  Therefore the following line:
ip nat inside source list 1 pool nat overload
would be changed to read...
ip nat inside source list 1 interface <WAN_INTERFACE> overload


Replace <WAN_INTERFACE> with whatever your WAN interface actually is.

When you use a block of addresses like this you don't have to actually tell the router that they're there.  The subnet mask will tell the router that it is on that subnet, then the static NAT entries tell the router that it owns those particular IP addresses.

If you want to NAT-Overload outbound connections in a round-robin fashion by using all your public IPs in a pool you would need to use the pool (as you have already) but I'm guessing that's not what you want.  What this would do is send one connection out using .126, then another connection out using .127, etc, etc.
0
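An added example (not from the thread or from Cisco): a small Python check for the arrangement the accepted answer removes, static NAT public addresses that also fall inside a pool used for dynamic translation. It also checks that a pool's start and end share the subnet its netmask gives. The sample config is constructed on the 203.0.113.0/24 documentation prefix, keeping only the question's last octets, and `audit_nat` is a hypothetical helper name.

```python
import ipaddress
import re

# Constructed sample: the question's layout and last octets, moved onto the
# 203.0.113.0/24 documentation prefix (the page's real addresses are redacted).
SAMPLE_CONFIG = """\
ip nat pool nat 203.0.113.126 203.0.113.130 netmask 255.255.255.248
ip nat inside source list 1 pool nat overload
ip nat inside source static 192.168.10.4 203.0.113.127
ip nat inside source static 192.168.10.5 203.0.113.128
ip nat inside source static 192.168.10.6 203.0.113.129
ip nat inside source static 192.168.10.7 203.0.113.130
"""

POOL_RE = re.compile(r"^ip nat pool (\S+) (\S+) (\S+) netmask (\S+)$")
DYN_RE = re.compile(r"^ip nat inside source list \S+ pool (\S+)( overload)?$")
STATIC_RE = re.compile(r"^ip nat inside source static (\S+) (\S+)$")


def audit_nat(config: str) -> list[str]:
    """Return findings for pools that clash with static NAT entries."""
    pools, used, statics, findings = {}, set(), [], []
    for line in (raw.strip() for raw in config.splitlines()):
        if m := POOL_RE.match(line):
            name, start, end, mask = m.groups()
            start, end = ipaddress.ip_address(start), ipaddress.ip_address(end)
            pools[name] = (start, end)
            # Check that both ends of the pool sit in the subnet its netmask gives.
            net = ipaddress.ip_network(f"{start}/{mask}", strict=False)
            if end not in net:
                findings.append(f"pool {name}: {end} is outside {net}")
        elif m := DYN_RE.match(line):
            used.add(m.group(1))  # pool referenced by a dynamic NAT rule
        elif m := STATIC_RE.match(line):
            statics.append((m.group(1), ipaddress.ip_address(m.group(2))))
    for name in sorted(n for n in used if n in pools):
        start, end = pools[name]
        for local, public in statics:
            if start <= public <= end:
                findings.append(f"static {local} -> {public} overlaps pool {name}")
    return findings


if __name__ == "__main__":
    for finding in audit_nat(SAMPLE_CONFIG):
        print(finding)
```

A config that keeps the static entries and overloads on the interface instead of the pool, as the answer suggests, produces no findings.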
 
aej1973 (Author) Commented:
Craig, my config is exactly what you have stated. I just need all my network traffic to go out of .126 and I am going to NAT 4 of my routers in my LAN via addresses .127 to 130. Yes, .126 is my WAN interface.

When I run the command you mentioned,
#ip nat inside source list 1 interface 66.196.xxx.126 I get the following error:

% Invalid input detected at '^' marker.
 
where the marker points to the word 'inside'. What could be the problem?

Thanks for the help.

A
0
 
aej1973 (Author) Commented:
I was able to map the interface. I am running some tests and will keep you posted. Thank you very much for the help!

A
0
 
aej1973 (Author) Commented:
Thanks Craig, this solution worked.
0
Question has a verified solution.
