We are currently attempting some NAT on a CISCO router but the following error keeps occurring; Description of Fault: Basically, the Network Address Translation is functioning correctly, however when communication is established between our network, and the third party network, every second packet is dropped. This occurs because the gateway address on the second packet is changed to the destination address instead of the next hop address. Below is a copy of the debug output from the router, with debug ip nat, and debug ip packet. Dec 4 02:20:32: NAT*: s=10.0.20.20->165.67.60.81, d=165.67.60.65 [28693] Dec 4 02:20:32: NAT*: s=165.67.60.81, d=165.67.60.65->10.12.10.15 [28693] Dec 4 02:20:33: NAT: s=10.12.10.15->165.67.60.65, d=165.67.60.81 [38251] Dec 4 02:20:33: NAT: s=165.67.60.65, d=165.67.60.81->10.0.20.20 [38251] Dec 4 02:20:33: IP: s=165.67.60.65 (Serial0/0.200), d=10.0.20.20 (Ethernet0/0), g=10.0.205.1, len 60, forward Dec 4 02:20:33: NAT*: s=10.0.20.20->165.67.60.81, d=165.67.60.65 [29717] Dec 4 02:20:33: NAT*: s=165.67.60.81, d=165.67.60.65->10.12.10.15 [29717] Dec 4 02:20:34: NAT: s=10.12.10.15->165.67.60.65, d=165.67.60.81 [38252] Dec 4 02:20:34: NAT: s=165.67.60.65, d=165.67.60.81->10.0.20.20 [38252] Dec 4 02:20:34: IP: s=165.67.60.65 (Serial0/0.200), d=10.0.20.20 (Ethernet0/0), g=10.0.20.20, len 60, forward Dec 4 02:20:34: IP: s=165.67.60.65 (Serial0/0.200), d=10.0.20.20 (Ethernet0/0), len 60, encapsulation failed As can be seen, in the first instance the gateway address is 10.0.205.1, in the second instance the gateway address is the same as the destination address 10.0.20.20. This problem is consistent in that every second packet fails. We have tried the following to fix it; Since then we have had the following recommendations: Turn off the route caching Change the command ip route 165.67.60.80 255.255.255.240 ethernet0 to ip route 165.67.60.80 255.255.255.240 10.0.205.1 We have been recommended to upgrade the IOS to 12.1 or greater, unfortunately this requires a RAM upgrade which we are not prepared to do with assurances that this will resolve the problem. Any suggestions would be greatly appreciated. John Taylor - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
