Re: NAT: address not stolen for

From: "Hansang Bae" <uonr@xxxxxxxxxx>
Date: Tue, 29 Nov 2005 05:11:57 GMT

biscotti.macdonald@xxxxxxxxx wrote:
[snip: nat problems]
> 02:33:25: NAT: failed to allocate address for 172.16.96.2, list/map 3
> and
> 02:33:25: NAT: address not stolen for 172.16.96.2, proto 1 port 512
>
> Do you have to a seperate WAN public IP address to overload on for
> each nat pool or can you overload multiple vlans on the same WAN IP?
>
> Here are relevant parts of the config:
>
> interface FastEthernet0/0.2
> description PCG Administration and OPS
> encapsulation dot1Q 2
> ip address 192.168.96.1 255.255.255.128
> no ip directed-broadcast
> ip nat inside
> no ip route-cache
> no ip mroute-cache

Why did you turn of route-cache out of curiosity?

> !
> interface FastEthernet0/0.3
> description PCG CONFERENCE ROOMS
> encapsulation dot1Q 3
> ip address 172.16.96.1 255.255.255.128
> no ip directed-broadcast
> ip nat inside
> no ip route-cache
> no ip mroute-cache
> !
> ip nat pool PCC 68.223.124.183 68.223.124.183 prefix-length 25
> ip nat inside source list 2 pool PCC overload
> ip nat inside source list 3 pool PCC overload
> !
> access-list 2 permit 192.168.96.0 0.0.0.255
> access-list 3 permit 172.16.96.0 0.0.0.255
>

Did you try using one list and using it in your pool?

access-list 2 permit 192.168.96.0 0.0.0.255
access-list 2 permit 172.16.96.0 0.0.0.255

--

hsb

"Somehow I imagined this experience would be more rewarding" Calvin
**************************ROT13 MY ADDRESS*************************
Due to the volume of email that I receive, I may not not be able to
reply to emails sent to my account. Please post a followup instead.
********************************************************************
.

Follow-Ups:
- Re: NAT: address not stolen for
  - From: biscotti . macdonald

References:
- NAT: address not stolen for
  - From: biscotti . macdonald

Prev by Date: pix nat questions
Next by Date: No routing after AD password change (PIX + IAS + PPTP VPN)
Previous by thread: NAT: address not stolen for
Next by thread: Re: NAT: address not stolen for
Index(es):
- Date
- Thread

Relevant Pages

Re: DSL through 1605R
... Your nat pool does not translate to outside e0 eth address. ... You should have ip nat inside source list 101 int e0 overload ... modem web based admin, but I cant get the internet through. ...
(comp.dcom.sys.cisco)
Re: Order significance for PIX nat / global statements?
... >> Studying PIX firewall configuration I'm confused by some contradictions ... > addition to the two nat statements shown above. ... >> PAT address pool? ... > The PIX will NAT first, then PAT. ...
(comp.security.firewalls)
Re: Work with techies that dont help you out.
... > Let's say I have a router. ... Doing NAT. ... it is quite common to have a pool of public ... If you make an outbound connection, you might receive the first IP ...
(Security-Basics)
Re: What is NAT pool "prefix-length" for?
... is for in the NAT pool command? ... The same thing that "netmask" does, it identifies the network that the ... The router has three basic jobs with respect to NAT. ... That task does not involve a netmask. ...
(comp.dcom.sys.cisco)
Re: PPTP through NAT
... a small group of true NAT addresses and a single ... Using ACLs I specifically denied PPTP traffic on the PAT ... If I use a pool of global addresses with PAT, like below, I can't ... ip nat pool connect-nat 130.123.109.3 130.123.109.40 prefix-length 24 ...
(comp.dcom.sys.cisco)