Hi
I'm having troubles with my Cisco 2610 (IOS 12.2(21)). I'm running NAT, which is working just fine, but recently I got a strange error when trying to connect a VPN-tunnel from inside the router to a network outside.
I get tons of (10.0.17.53 is the client inside the router):
1d01h: NAT: translation failed (A), dropping packet s=10.0.17.53 d=192.6.x.x
This is weird, because it seems to be NATing ok. Got this a few packets before the one above:
1d01h: NAT*: i: udp (10.0.17.53, 500) -> (192.6.x.x, 500) [6851]
1d01h: NAT*: s=10.0.17.53->213.113.y.y, d=192.6.x.x [6851]
1d01h: NAT*: o: udp (192.6.x.x, 500) -> (213.113.y.y, 500) [16623]
1d01h: NAT*: s=192.6.x.x, d=213.113.y.y->10.0.17.53 [16623]
So I'm really confused now. Doesn't "s=10.0.17.53 d=192.6.x.x" mean that it tries to NAT a packet from inside to 192.6.x.x? How can that fail?
Here's the important parts of my config:
ip subnet-zero
!
ip dhcp pool inside
network 10.0.17.0 255.255.255.0
default-router 10.0.17.2
!
interface Ethernet0/0
ip address 10.0.17.2 255.255.255.0
ip nat inside
half-duplex
no cdp enable
!
interface Ethernet1/0
ip address dhcp
no ip proxy-arp
ip nat outside
half-duplex
no cdp enable
!
ip nat translation timeout 3600
ip nat translation tcp-timeout 3600
ip nat translation udp-timeout 3600
ip nat translation icmp-timeout 3600
ip nat inside source list 1 interface Ethernet1/0 overload
ip classless
access-list 1 permit 10.0.17.0 0.0.0.255
no cdp run
I'm having troubles with my Cisco 2610 (IOS 12.2(21)). I'm running NAT, which is working just fine, but recently I got a strange error when trying to connect a VPN-tunnel from inside the router to a network outside.
I get tons of (10.0.17.53 is the client inside the router):
1d01h: NAT: translation failed (A), dropping packet s=10.0.17.53 d=192.6.x.x
This is weird, because it seems to be NATing ok. Got this a few packets before the one above:
1d01h: NAT*: i: udp (10.0.17.53, 500) -> (192.6.x.x, 500) [6851]
1d01h: NAT*: s=10.0.17.53->213.113.y.y, d=192.6.x.x [6851]
1d01h: NAT*: o: udp (192.6.x.x, 500) -> (213.113.y.y, 500) [16623]
1d01h: NAT*: s=192.6.x.x, d=213.113.y.y->10.0.17.53 [16623]
So I'm really confused now. Doesn't "s=10.0.17.53 d=192.6.x.x" mean that it tries to NAT a packet from inside to 192.6.x.x? How can that fail?
Here's the important parts of my config:
ip subnet-zero
!
ip dhcp pool inside
network 10.0.17.0 255.255.255.0
default-router 10.0.17.2
!
interface Ethernet0/0
ip address 10.0.17.2 255.255.255.0
ip nat inside
half-duplex
no cdp enable
!
interface Ethernet1/0
ip address dhcp
no ip proxy-arp
ip nat outside
half-duplex
no cdp enable
!
ip nat translation timeout 3600
ip nat translation tcp-timeout 3600
ip nat translation udp-timeout 3600
ip nat translation icmp-timeout 3600
ip nat inside source list 1 interface Ethernet1/0 overload
ip classless
access-list 1 permit 10.0.17.0 0.0.0.255
no cdp run
