NAT translation problem

From: Hunt Lee (huntl@webcentral.com.au)
Date: Thu Oct 31 2002 - 23:14:04 GMT-3


I have configured a 3-router EBGP setup (see picture below). What I am trying
to achieve is that when a packet is forwarded to RTB, the packet will have a
source address from 205.113.50.0/23; when a packet is forwarded to
RTC, the packet must have a source address of 207.36.76.0/23.

For going to RTB, I based this on saying if the outgoing interface for
the packet is s0/0 (the int to RTB), then this packet must be for RTB
(hence NAT range 205.113.50.0/23).

As for going to RTC, I based this on if the Next-Hop IP for the packet
is 207.36.65.254, then this packet destination must be for RTC (hence
NAT range 207.36.76.0/23).

RTB   RTC
  \   /
   RTA
    |
10.0.0.0/8 (Inside network)

The thing is, for the packets towards RTB, the NAT works fine.

But for the packets towards RTC, it works for the first few packets (i.e. I
could see it on "show ip nat translations" & debug messages), but anytime
after that (even when the NAT entries have expired), it would not be able to
be NATed again.

Here's the RTA config...

interface FastEthernet0/0
 description Inside NAT
 ip address 10.1.1.1 255.255.0.0
 ip nat inside
 duplex auto
 speed auto

interface Serial0/0
 description to Outside ISP 1 - RTB
 ip address 205.113.49.253 255.255.255.252
 ip nat outside
 clockrate 64000

interface Serial0/1
 description to Outside ISP 2 - RTC
 ip address 207.36.65.253 255.255.255.252
 ip nat outside
 clockrate 64000

ip nat pool PoolOne 205.113.50.1 205.113.51.254 netmask 255.255.254.0 type match-host
ip nat pool PoolTwo 207.36.76.1 207.36.76.254 netmask 255.255.254.0 type match-host
ip nat inside source route-map ISP1 pool PoolOne
ip nat inside source route-map ISP2 pool PoolTwo

access-list 1 permit 10.0.0.0 0.255.255.255
access-list 3 permit 207.36.65.254

route-map ISP2 permit 10
 match ip address 1
 match ip next-hop 3
!
route-map ISP1 permit 10
 match ip address 1
 match interface Serial0/0

RTA#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
B 1.1.1.1 [20/0] via 205.113.49.254, 00:04:12
     2.0.0.0/32 is subnetted, 1 subnets
B 2.2.2.2 [20/0] via 207.36.65.254, 00:04:12
     3.0.0.0/32 is subnetted, 1 subnets
C 3.3.3.3 is directly connected, Loopback0
     205.113.49.0/30 is subnetted, 1 subnets
C 205.113.49.252 is directly connected, Serial0/0
     207.36.65.0/30 is subnetted, 1 subnets
C 207.36.65.252 is directly connected, Serial0/1
     10.0.0.0/16 is subnetted, 1 subnets
C 10.1.0.0 is directly connected, FastEthernet0/0
RTA#

Any help will be greatly appreciated.

Regards,
H.
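
The pool selection described in this message, modelled as an added example (not part of the original post and not IOS code): a longest-prefix lookup over the routes shown gives the next hop and egress interface, the two route-maps are evaluated as the post intends them, and the pool's address range is checked against its netmask. The function names are hypothetical, and match_host assumes the documented meaning of "type match-host" (the host number stays the same after translation).

```python
import ipaddress as ip

# Constructed from the post: BGP routes from "sh ip route", with the egress
# interface taken from the connected /30 that contains each next hop.
ROUTES = [("1.1.1.1/32", "205.113.49.254", "Serial0/0"),
          ("2.2.2.2/32", "207.36.65.254", "Serial0/1")]
# "ip nat pool" lines from the post: (first address, last address, netmask).
POOLS = {"PoolOne": ("205.113.50.1", "205.113.51.254", "255.255.254.0"),
         "PoolTwo": ("207.36.76.1", "207.36.76.254", "255.255.254.0")}
INSIDE = ip.ip_network("10.0.0.0/8")             # access-list 1
ISP2_NEXT_HOP = ip.ip_address("207.36.65.254")   # access-list 3

def lookup(dst):
    """Longest-prefix match; returns (next_hop, interface) or None."""
    dst = ip.ip_address(dst)
    hits = [(ip.ip_network(p), nh, ifc) for p, nh, ifc in ROUTES
            if dst in ip.ip_network(p)]
    if not hits:
        return None
    _, nh, ifc = max(hits, key=lambda h: h[0].prefixlen)
    return ip.ip_address(nh), ifc

def select_pool(src, dst):
    """Pool the post intends for this flow, or None if no route-map matches."""
    route = lookup(dst)
    if route is None or ip.ip_address(src) not in INSIDE:
        return None
    next_hop, ifc = route
    if ifc == "Serial0/0":            # route-map ISP1: match interface Serial0/0
        return "PoolOne"
    if next_hop == ISP2_NEXT_HOP:     # route-map ISP2: match ip next-hop 3
        return "PoolTwo"
    return None

def match_host(src, pool):
    """Assumed match-host rule: keep src's host bits under the pool netmask.
    Returns (translated address, whether it lies inside the pool range)."""
    first, last, mask = (ip.ip_address(a) for a in POOLS[pool])
    host = int(ip.ip_address(src)) & ~int(mask) & 0xFFFFFFFF
    out = ip.ip_address((int(first) & int(mask)) | host)
    return out, first <= out <= last

if __name__ == "__main__":
    for src, dst in [("10.1.1.5", "1.1.1.1"), ("10.1.1.5", "2.2.2.2"),
                     ("10.1.0.5", "2.2.2.2")]:
        pool = select_pool(src, dst)
        print(src, "->", dst, pool, *match_host(src, pool))
```

With the values in the post, PoolTwo ends at 207.36.76.254 while its netmask spans 207.36.76.0/23, so under this model an inside host such as 10.1.1.5 maps to 207.36.77.5, outside the configured range. Whether that accounts for the symptom described is not established by the post.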



This archive was generated by hypermail 2.1.4 : Tue Nov 05 2002 - 08:36:01 GMT-3