Solved

Cisco 1721 - Losing Nat connection

Posted on 2014-12-03
7
136 Views
Last Modified: 2015-01-15
Hi, I have a /29 ip address block. I am configuring my cisco router to be able to do NAT, what happens is that when I do the following config:

no ip http server
ip nat pool nat 66.196.xxx.126 66.196.111.130 netmask 255.255.255.248
ip nat inside source list 1 pool nat overload
ip nat inside source static 192.168.10.4 66.196.xxx.127
ip nat inside source static 192.168.10.5 66.196.xxx.128
ip nat inside source static 192.168.10.6 66.196.xxx.129
ip nat inside source static 192.168.10.7 66.196.xxx.130

when I save this confg and do a show run, only one static address is configured the rest of the static configs are not there, why is this? What can I do to resolve this problem?

Thank you,
a
0
Comment
Question by:aej1973
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 46

Expert Comment

by:Craig Beck
ID: 40480559
You don't need to use the pool if you're doing static mappings.
0
 

Author Comment

by:aej1973
ID: 40480685
Craig, in that case how do I rewrite the following line
ip nat pool nat 66.196.xxx.126 66.196.111.130 netmask 255.255.255.248 ?

Thank you
0
 

Expert Comment

by:Deepak Mittal
ID: 40480965
Could you please send the full config?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 46

Accepted Solution

by:
Craig Beck earned 500 total points
ID: 40480991
Craig, in that case how do I rewrite the following line
ip nat pool nat 66.196.xxx.126 66.196.111.130 netmask 255.255.255.248 ?
You don't need to.

If I'm understanding what you're wanting to do, you want to give 4 internal hosts a dedicated IP address on the public side of your router?

You have done this by creating a static NAT entry.

I'm assuming you used .126 for the WAN interface?  Therefore the following line:
ip nat inside source list 1 pool nat overload
would be changed to read...
ip nat inside source list 1 interface <WAN_INTERFACE> overload

Open in new window


Replace <WAN_INTERFACE> with whatever is your WAN interface actually is.

When you use a block of addresses like this you don't have to actually tell the router that they're there.  The subnet mask will tell the router that it is on that subnet, then the static NAT entries tell the router that it owns those particular IP addresses.

If you want to NAT-Overload outbound connections in a round-robin fashion by using all your public IPs in a pool you would need to use the pool (as you have already) but I'm guessing that's not what you want.  What this would do is send one connection out using .126, then another connection out using .127, etc, etc.
0
 

Author Comment

by:aej1973
ID: 40481653
Craig, my config is exactly what you have stated. I just need all my network traffic to go out of .126 and I am going to NAT 4 of my routers in my LAN via addresses .127 to 130. Yes, .126 is my WAN interface.

When I run the command you mentioned,
#ip nat inside source list 1 interface 66.196.xxx.126 I get the following error:

% Invalid input detected at '^' marker.
 
Where the marker point to the word 'inside". What could be the problem?

Thanks for the help.

A
0
 

Author Comment

by:aej1973
ID: 40483612
I was able to map the interface. I am running some test and will keep you posted. Thank you very much for the help!

A
0
 

Author Closing Comment

by:aej1973
ID: 40551062
Thanks Craig, this solution worked.
0

Featured Post

Space-Age Communications Transitions to DevOps

ViaSat, a global provider of satellite and wireless communications, securely connects businesses, governments, and organizations to the Internet. Learn how ViaSat’s Network Solutions Engineer, drove the transition from a traditional network support to a DevOps-centric model.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

When replacing some switches recently I started playing with the idea of having admins authenticate with their domain accounts instead of having local users on all switches all over the place. Since I allready had an w2k8R2 NPS running for my acc…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question