kamal_1352
join:2008-07-03
|  [HELP] NAT and overload Problem
Hi all
I have a 2811 Cisco Router with 2 Fast Ethernet now I want to NAT All users who have invalid IP(172.16.207.0/24) with 127 Ip Address(194.225.175.128-254) and except if user want to connect to special IP(217.174.16.20) all packet nat with 194.225.175.1, I set it:
access-list 111 permit icmp any host 217.174.16.20
access-list 111 permit ip any host 217.174.16.20
access-list 112 deny ip any host 217.174.16.20
access-list 112 permit ip 172.16.207.0 0.0.0.255 any
ip nat pool Special 194.225.175.1 194.225.175.1 netmask 255.255.255.0
ip nat pool Users 194.225.175.129 194.225.175.254 netmask 255.255.255.0
ip nat inside source list 111 pool Special overload
ip nat inside source list 112 pool Users overload
Now I have 2 Problem:
if I set overload I see all users assign to first IP of Pool Users and after fill all socket on this IP assign another IP to them, if I clear overload from nat Users after 5 hours I see all IP into this pool assign to users however some of those IP's does not assign to current user(user get service and go out but IP didnot free) in that time if I type "Clear IP NAT Translations *" Natting pool assign from begin and free IP but it is Manually not automatically this is first problem, and I see another problem if I does not use Overload in nat Users: on that state it doesnot work first NAT (Special nat) because all users and all service from IP on pool users!!!!!
Now I want to setting for Natting assign all ip in pool to users without fulling and work nat special.
Opssss!!!!!! Please help me!
thanks
Kamal
|
|
aryoba
Premium,MVM
join:2002-08-22
| In general, you can't design such network to expect connection stability. You need multiple routers where one router has single gateway to use to reach 217.174.16.20, one router has single gateway to use to reach other destination IP addresses, and one router as the internal LAN routing to decide if the route should go through the 1st router to reach 217.174.16.20 or to go through the 2nd router to reach other destination. |
|
kamal_1352
join:2008-07-03 | Thank you Aryoba for your answer,
after I set overload for all command ip nat inside...
It works true but I have need to set without overload this is my problem!
thank you
Kamal |
|
aryoba
Premium,MVM
join:2002-08-22
| I sense there are more of this story. You mention the requirement of having specific Public IP address to reach specific destination. However you didn't mention the why.
Usually servers need to always use the same Public IP address to access the Internet due to DNS A record among other things. I'm not sure if this applies to your situation.
Therefore let me ask you this to verify. Why do you need to set up such NAT requirement? What are you trying to achieve? |
|
