Options
CCENT NAT overload issue
Garo
Member Posts: 20 ■□□□□□□□□□
in CCNA & CCENT
Hey! Hi everyone!
I'm having a little question regarding to the NAT overload. So I've got a simple topology of 3 PCs in 10.0.0.0/8 network, that connect to the router Router1 with the IP of 10.10.10.1/8 with the "ip nat inside" command configured on the interface Fa 0/0, and the IP address 200.1.1.1/24 with "ip nat outside" command configured on the Fa 0/1 interface.
my R1 Router configuration looks like this:
interface FastEthernet0/0
ip address 10.10.10.1 255.0.0.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 200.1.1.1 255.255.255.0
ip nat outside
duplex auto
speed auto
!
ip nat inside source list 1 interface FastEthernet0/1 overload
ip classless
!
!
access-list 1 permit 10.0.0.0 0.255.255.255
!
I can ping from any pc on the 10.0.0.0/8 network to any host that is in the network 200.1.1.0/24, but the issue is that it keeps incrementing the misses in the "show ip nat statistics", after issuing the "debug ip nat" I see that this occurs:
NAT: s=10.10.10.10->200.1.1.1, d=200.1.1.100 [25]
NAT*: s=200.1.1.100, d=200.1.1.1->10.10.10.10 [24]
NAT: s=10.10.10.10->200.1.1.1, d=200.1.1.100 [26]
NAT*: s=200.1.1.100, d=200.1.1.1->10.10.10.10 [25]
NAT: s=10.10.10.10->200.1.1.1, d=200.1.1.100 [27]
NAT*: s=200.1.1.100, d=200.1.1.1->10.10.10.10 [26]
NAT: s=10.10.10.10->200.1.1.1, d=200.1.1.100 [28]
NAT*: s=200.1.1.100, d=200.1.1.1->10.10.10.10 [27]
The "ip nat translations" looks like this:
Router#show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 200.1.1.1:29 10.10.10.10:29 200.1.1.100:29 200.1.1.100:29
icmp 200.1.1.1:30 10.10.10.10:30 200.1.1.100:30 200.1.1.100:30
icmp 200.1.1.1:31 10.10.10.10:31 200.1.1.100:31 200.1.1.100:31
icmp 200.1.1.1:32 10.10.10.10:32 200.1.1.100:32 200.1.1.100:32
What am I doing wrong? and why does it still ping if something is wrong here?
Thank you!
I'm having a little question regarding to the NAT overload. So I've got a simple topology of 3 PCs in 10.0.0.0/8 network, that connect to the router Router1 with the IP of 10.10.10.1/8 with the "ip nat inside" command configured on the interface Fa 0/0, and the IP address 200.1.1.1/24 with "ip nat outside" command configured on the Fa 0/1 interface.
my R1 Router configuration looks like this:
interface FastEthernet0/0
ip address 10.10.10.1 255.0.0.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 200.1.1.1 255.255.255.0
ip nat outside
duplex auto
speed auto
!
ip nat inside source list 1 interface FastEthernet0/1 overload
ip classless
!
!
access-list 1 permit 10.0.0.0 0.255.255.255
!
I can ping from any pc on the 10.0.0.0/8 network to any host that is in the network 200.1.1.0/24, but the issue is that it keeps incrementing the misses in the "show ip nat statistics", after issuing the "debug ip nat" I see that this occurs:
NAT: s=10.10.10.10->200.1.1.1, d=200.1.1.100 [25]
NAT*: s=200.1.1.100, d=200.1.1.1->10.10.10.10 [24]
NAT: s=10.10.10.10->200.1.1.1, d=200.1.1.100 [26]
NAT*: s=200.1.1.100, d=200.1.1.1->10.10.10.10 [25]
NAT: s=10.10.10.10->200.1.1.1, d=200.1.1.100 [27]
NAT*: s=200.1.1.100, d=200.1.1.1->10.10.10.10 [26]
NAT: s=10.10.10.10->200.1.1.1, d=200.1.1.100 [28]
NAT*: s=200.1.1.100, d=200.1.1.1->10.10.10.10 [27]
The "ip nat translations" looks like this:
Router#show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 200.1.1.1:29 10.10.10.10:29 200.1.1.100:29 200.1.1.100:29
icmp 200.1.1.1:30 10.10.10.10:30 200.1.1.100:30 200.1.1.100:30
icmp 200.1.1.1:31 10.10.10.10:31 200.1.1.100:31 200.1.1.100:31
icmp 200.1.1.1:32 10.10.10.10:32 200.1.1.100:32 200.1.1.100:32
What am I doing wrong? and why does it still ping if something is wrong here?
Thank you!
Comments
-
Options
devils_haircut
Member Posts: 284 ■■■□□□□□□□
Is this a GNS3 environment? Just trying to get a better idea of what's going on. NAT misses aren't necessarily a sign of a problem unless they are a large proportion of the translations, if I'm reading correctly (haven't taken the CCNA yet). -
OptionsGaro
Member Posts: 20 ■□□□□□□□□□
Nope, its just packet tracer.. I just dont see the reason of the misses..
-
Optionsmagiclamp
Member Posts: 3 ■□□□□□□□□□
Hi Garo,
Please reconfigure the same topology in GNS3. You may get strange errors sometime with packet tracer. Please try it in GNS3 and tell us the result.