Re: prefix-len in a nat pool

From: Sergey Golovanov (sergey.golovanov@iementor.com)
Date: Fri Feb 02 2007 - 17:39:54 ART


Yes, this of course won't work:

ip nat pool S4-3 200.1.3.111 200.1.3.111 netmask 255.255.255.252

200.1.3.111 is the broadcast address in the 200.1.3.108/30 subnet

Try this instead, and it will work:

ip nat pool S4-3 200.1.3.110 200.1.3.110 netmask 255.255.255.252

or

ip nat pool S4-3 200.1.3.109 200.1.3.109 netmask 255.255.255.252

--------------------------------------------------------------------
Sergey Golovanov, CCIEx5 (R&S/Security/Voice/Service Provider/Storage)
"Please, don't ask me for my ccie #, there are reasons why I can't release it"
ieMentor Instructor and Content Developer
sergey.golovanov@iementor.com
http://www.iementor.com
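
The rule in the reply above, as an added example that is not part of the original post and not Cisco's code: a Python check that derives the subnet from a pool's start address and its `netmask` or `prefix-length` value, then flags a pool address that is that subnet's broadcast address. It goes beyond the reply by also flagging the network address and a range that leaves the subnet; the name `check_nat_pool`, the skip for /31 and /32, and the last sample line are assumptions of this example.

```python
import ipaddress

def check_nat_pool(line):
    """Return (address, problem) tuples for one 'ip nat pool' config line."""
    tok = line.split()
    if len(tok) < 8 or tok[:3] != ["ip", "nat", "pool"]:
        raise ValueError("expected: ip nat pool NAME START END netmask|prefix-length VALUE")
    start, end, kind, value = tok[4:8]
    if kind not in ("netmask", "prefix-length"):
        raise ValueError(f"unknown keyword {kind!r}")
    first = ipaddress.IPv4Address(start)
    last = ipaddress.IPv4Address(end)
    # strict=False: derive the enclosing subnet from a host address plus mask/length
    net = ipaddress.IPv4Network(f"{start}/{value}", strict=False)
    problems = []
    if last < first:
        problems.append((str(last), "end address is below start address"))
    if last not in net:
        problems.append((str(last), f"outside {net}, the subnet of the start address"))
    # Assumption of this example: /31 and /32 have no separate network or
    # broadcast address, so the check is skipped for them.
    if net.prefixlen < 31:
        # Within one subnet only the range endpoints can be network/broadcast.
        for ip in dict.fromkeys((first, last)):
            if ip == net.network_address:
                problems.append((str(ip), f"network address of {net}"))
            elif ip == net.broadcast_address:
                problems.append((str(ip), f"broadcast address of {net}"))
    return problems

# First four lines are the pool statements from this thread; the last one is
# constructed to exercise the prefix-length form and the network-address case.
SAMPLES = [
    "ip nat pool S4-3 200.1.3.111 200.1.3.111 netmask 255.255.255.0",
    "ip nat pool S4-3 200.1.3.111 200.1.3.111 netmask 255.255.255.252",
    "ip nat pool S4-3 200.1.3.110 200.1.3.110 netmask 255.255.255.252",
    "ip nat pool S4-3 200.1.3.109 200.1.3.109 netmask 255.255.255.252",
    "ip nat pool S4-3 200.1.3.108 200.1.3.110 prefix-length 30",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        found = check_nat_pool(sample)
        print(sample)
        print("   ", found if found else "ok")
```
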

> -------Original Message-------
> From: Bit Gossip <bit.gossip@chello.nl>
> Subject: prefix-len in a nat pool
> Sent: Feb 02 '07 13:22
>
> Hi Group,
> I cannot catch the meaning of this optional parameter of a NAT pool
> as it is explained in the DocCD. Plus I noticed that if it is not set
> correctly (I don't know what is correct) NAT doesn't work, as in the
> following example.
> What is this option? What should it be set to?
> Thanks,
> Luca.
>
> ~~~~~~~~~~~~~~~~~~
> ~ Working config ~
> ~~~~~~~~~~~~~~~~~~
>
> ip nat pool S4-3 200.1.3.111 200.1.3.111 netmask 255.255.255.0
> ip nat inside source list 143 pool S4-3 overload
> !
> access-list 143 deny ip 192.168.11.0 0.0.0.255 host 192.168.41.4
> access-list 143 permit ip 192.168.11.0 0.0.0.255 any
>
> NAT: address not stolen for 192.168.11.1, proto 1 port 69
> NAT: creating portlist proto 1 globaladdr 200.1.3.111
> NAT: Allocated Port for 192.168.11.1 -> 200.1.3.111: wanted 69 got 69
> NAT: i: icmp (192.168.11.1, 69) -> (192.168.41.40, 69) [229]
> NAT: s=192.168.11.1->200.1.3.111, d=192.168.41.40 [229]
> NAT: o: icmp (192.168.41.40, 69) -> (200.1.3.111, 69) [229]
> NAT: s=192.168.41.40, d=200.1.3.111->192.168.11.1 [229]
>
> -> works
>
> ~~~~~~~~~~~~~~~~~~~~~~
> ~ NOT Working config ~
> ~~~~~~~~~~~~~~~~~~~~~~
>
> ip nat pool S4-3 200.1.3.111 200.1.3.111 netmask 255.255.255.252
> ip nat inside source list 143 pool S4-3 overload
> !
> access-list 143 deny ip 192.168.11.0 0.0.0.255 host 192.168.41.4
> access-list 143 permit ip 192.168.11.0 0.0.0.255 any
>
>
> NAT: address not stolen for 192.168.11.1, proto 1 port 70
> NAT: failed to allocate address for 192.168.11.1, list/map 143
> NAT*: Can't create new inside entry - forced_punt_flags: 0
> NAT: address not stolen for 192.168.11.1, proto 1 port 70
> NAT: failed to allocate address for 192.168.11.1, list/map 143
> NAT: translation failed (A), dropping packet s=192.168.11.1 d=192.168.41.40
>


