IOS Nat with multiple outside interfaces & pools

Discussion in 'Cisco' started by zavrik, Nov 7, 2007.

  1. zavrik

    Hi!
    I've tried various examples, including from this newsgroup, but none seem to work properly.
    Here's my scenario:
    I have a 3845 with IOS 12.4(11)T2. 4 interfaces, 1 looks into LAN (172.16 net), 2nd also looks into a LAN, with 1.1.1 subnet (a local necessity, presents no problems), both LAN interfaces marked as "nat inside" and packets from them accepted fine. 3rd looks into corporate network with 10.xxx subnet, and 4th looks into Internet.
    What I need:
    When I'm trying to send something from 172.16.0.0/24 subnet to corporate 10 network, it gets natted out on the 10.1.14.26 interface (AND, if the packets are destined for 192.168 net, they are not natted). When I'm trying to send something from 1.1.1 subnet to the Internet (i.e. all other destinations), it gets natted out on the 89.x.x.x interface.
    All routes are done correctly, from router everything works.

    Current config:

    interface GigabitEthernet0/0
     description office_LAN
     ip address 172.16.0.1 255.255.0.0
     ip nat inside
     ip virtual-reassembly
    !
    interface GigabitEthernet0/2
     description Corp_link
     ip address 10.1.14.26 255.255.255.248
     ip nat outside
     ip virtual-reassembly
    !
    interface GigabitEthernet0/3
     description ProxyLAN
     ip address 1.1.1.1 255.255.255.252
     ip nat inside
     ip virtual-reassembly
    !
    interface GigabitEthernet0/1
     ip address 89.x.x.x 255.255.255.240
     ip nat outside
     ip virtual-reassembly

    ip nat pool CORP 10.1.14.26 10.1.14.26 prefix-length 29
    ip nat pool Tyrnet 89.x.x.x 89.x.x.x prefix-length 28
    ip nat inside source route-map CorpMAP pool CORP overload
    ip nat inside source route-map NatMAP pool Tyrnet overload

    access-list 2000 permit ip host 1.1.1.2 any
    access-list 2001 deny ip 172.16.0.0 0.0.255.255 192.168.0.0 0.0.255.255
    access-list 2001 permit ip 172.16.0.0 0.0.0.255 any
    !
    !
    !
    route-map NatMAP permit 10
     match ip address 2000
    !
    route-map CorpMAP permit 1
     match ip address 2001


    Problem:
    The Internet pool and map work perfectly, pings fly.
    The CORP pool and map seem not to work at all, when I try from a 172.16.0 workstation it replies:
    Tracing route to 10.0.34.65 over a maximum of 30 hops
    1 <1 ms <1 ms <1 ms 172.16.0.1
    2 * 172.16.0.1 reports: Destination host unreachable.


    What could it be??? Judging by Cisco's own examples with multiple pools, this should work....
     
    zavrik, Nov 7, 2007
    #1
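
An added example, not part of zavrik's post and not Cisco code: a small Python model of the ACL and route-map matching in the config above, to check which NAT pool each flow selects. It models only the `match ip address` step (not routing or the egress interface), and the sample flows other than the traceroute target 10.0.34.65 are constructed.

```python
import ipaddress

# ACL entries copied from the post: (acl, action, src, src wildcard, dst, dst wildcard).
# "host X" is written as wildcard 0.0.0.0 and "any" as 0.0.0.0 255.255.255.255.
ACES = [
    (2000, "permit", "1.1.1.2", "0.0.0.0", "0.0.0.0", "255.255.255.255"),
    (2001, "deny", "172.16.0.0", "0.0.255.255", "192.168.0.0", "0.0.255.255"),
    (2001, "permit", "172.16.0.0", "0.0.0.255", "0.0.0.0", "255.255.255.255"),
]
# NAT statements from the post: route-map name -> (ACL it matches, pool it selects).
NAT_RULES = {"CorpMAP": (2001, "CORP"), "NatMAP": (2000, "Tyrnet")}


def _ip(addr):
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: bits set in the wildcard are ignored."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)


def acl_action(acl, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for num, action, s, sw, d, dw in ACES:
        if num == acl and wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action
    return "implicit deny"


def nat_pool(src, dst):
    """Return the pool whose route-map ACL permits the flow, or None (not translated)."""
    for acl, pool in NAT_RULES.values():
        if acl_action(acl, src, dst) == "permit":
            return pool
    return None


if __name__ == "__main__":
    # Constructed flows; 10.0.34.65 is the traceroute target from the post.
    for src, dst in [("172.16.0.50", "10.0.34.65"), ("172.16.0.50", "192.168.5.5"),
                     ("172.16.3.50", "10.0.34.65"), ("1.1.1.2", "8.8.8.8")]:
        print(f"{src} -> {dst}: {nat_pool(src, dst)}")
```

In this model a 172.16.0.x host sending to 10.0.34.65 does select pool CORP, and traffic to 192.168.x.x is left untranslated. A host such as 172.16.3.50 falls outside the 0.0.0.255 wildcard on the permit line, although the office_LAN interface is addressed as a /16.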

  2. zavrik

    Emm... no one has an answer?
    :confused: :confused:
     
    zavrik, Nov 15, 2007
    #2