GroupStudy.com - CCIE, CCNA, CCNP and other Cisco Certifications

Home

BookStore

StudyNotes

Links

[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]

Subject: Re: prefix-len in a nat pool
From: "Sergey Golovanov" <sergey.golovanov@xxxxxxxxxxxx>
Date: Fri, 02 Feb 2007 15:39:54 -0500

yes, this of course won't work:

ip nat pool S4-3 200.1.3.111 200.1.3.111 netmask 255.255.255.252

200.1.3.111 is the broadcast address in the 200.1.3.108/30 subnet

try this instead, and it will work:

ip nat pool S4-3 200.1.3.110 200.1.3.110 netmask 255.255.255.252

or

ip nat pool S4-3 200.1.3.109 200.1.3.109 netmask 255.255.255.252


--------------------------------------------------------------------
Sergey Golovanov, CCIEx5 (R&S/Security/Voice/Service Provider/Storage)
"Please, don't ask me for my ccie #, there are reasons why I can't release it"
ieMentor Instructor and Content Developer
sergey.golovanov@xxxxxxxxxxxx
http://www.iementor.com


>  -------Original Message-------
>  From: Bit Gossip <bit.gossip@xxxxxxxxx>
>  Subject: prefix-len in a nat pool
>  Sent: Feb 02 '07 13:22
>  
>  Hi Group,
>  I can not catch the meanining of this optional parameter of a NAT pool
>  as it is explained in the DocCD. Plus I noticed that if it is not set
>  correctly (i dont know what is correct) NAT doesnt work as from the
>  following example.
>  What is this option? What should it be set to?
>  Thanks,
>  Luca.
>  
>  ~~~~~~~~~~~~~~~~~~
>  ~ Working config ~
>  ~~~~~~~~~~~~~~~~~~
>  
>  ip nat pool S4-3 200.1.3.111 200.1.3.111 netmask 255.255.255.0
>  ip nat inside source list 143 pool S4-3 overload
>  !
>  access-list 143 deny   ip 192.168.11.0 0.0.0.255 host 192.168.41.4
>  access-list 143 permit ip 192.168.11.0 0.0.0.255 any
>  
>  NAT: address not stolen for 192.168.11.1, proto 1 port 69
>  NAT: creating portlist proto 1 globaladdr 200.1.3.111
>  NAT: Allocated Port for 192.168.11.1 -> 200.1.3.111: wanted 69 got 69
>  NAT: i: icmp (192.168.11.1, 69) -> (192.168.41.40, 69) [229]    
>  NAT: s=192.168.11.1->200.1.3.111, d=192.168.41.40 [229]
>  NAT: o: icmp (192.168.41.40, 69) -> (200.1.3.111, 69) [229]    
>  NAT: s=192.168.41.40, d=200.1.3.111->192.168.11.1 [229]
>  
>  -> works
>  
>  ~~~~~~~~~~~~~~~~~~~~~~
>  ~ NOT Working config ~
>  ~~~~~~~~~~~~~~~~~~~~~~
>  
>  ip nat pool S4-3 200.1.3.111 200.1.3.111 netmask 255.255.255.252
>  ip nat inside source list 143 pool S4-3 overload
>  !
>  access-list 143 deny   ip 192.168.11.0 0.0.0.255 host 192.168.41.4
>  access-list 143 permit ip 192.168.11.0 0.0.0.255 any
>  
>  
>  NAT: address not stolen for 192.168.11.1, proto 1 port 70
>  NAT: failed to allocate address for 192.168.11.1, list/map 143
>  NAT*: Can't create new inside entry - forced_punt_flags: 0
>  NAT: address not stolen for 192.168.11.1, proto 1 port 70
>  NAT: failed to allocate address for 192.168.11.1, list/map 143
>  NAT: translation failed (A), dropping packet s=192.168.11.1
>  d=192.168.41.40
>  
>  _______________________________________________________________________
>  Subscription information may be found at:
>  http://www.groupstudy.com/list/CCIELab.html

Prev by Date: Re: FW: CCIE Security Lab Workbook Advice
Next by Date: Re: Static Nat with extendable option?
Previous by thread: prefix-len in a nat pool
Next by thread: Help On MQC POLICE command
Index(es):
- Date
- Thread