NAT Pools and Subnet Zero

Available Languages

Download Options

  • PDF     (8.4 KB)
    View with Adobe Reader on a variety of devices
Updated:January 28, 2008
Document ID:13777

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Introduction

This document discusses how Network Address Translation (NAT) pools are subject to subnet zero rules just like any other IP addresses.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

This document is not restricted to specific software and hardware versions.

The information presented in this document was created from devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If you are working in a live network, ensure that you understand the potential impact of any command before using it.

Background Theory

When you configure a NAT pool such that the addresses within the pool are part of subnet zero, NAT translation fails.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Configure

In this section, you are presented with the information to configure the features described in this document.

Note: In order to find additional information on the commands used in this document, use the Command Lookup Tool (registered customers only) .

Network Diagram

This document uses this network setup:

7a.gif

In this configuration example, the inside device has a default route of the NAT router. The outside device has a static route to an address to which the inside device is translated. The NAT router has this NAT configuration: 

ip nat pool test 171.68.1.1 171.68.1.10 netmask  255.255.240.0
ip nat inside source list 7 pool test 

interface s 0
ip address 171.16.4.6 255.255.255.0
ip nat inside

interface s 1
ip address 171.16.6.6 255.255.255.0
ip nat outside

access-list 7 permit host 171.16.4.4

Notice that the addresses in the NAT pool test are subnet zero addresses. The ping from the inside device to the outside device fails because no translation occurs. If you run the debug ip nat command on the NAT router, it reveals these messages: 

NAT: translation failed (A), dropping packet s=171.16.4.4 d=171.16.6.5
NAT: translation failed (A), dropping packet s=171.16.4.4 d=171.16.6.5
NAT: translation failed (A), dropping packet s=171.16.4.4 d=171.16.6.5
NAT: translation failed (A), dropping packet s=171.16.4.4 d=171.16.6.5
NAT: translation failed (A), dropping packet s=171.16.4.4 d=171.16.6.5

Note: The "(A)" in the debug output means that translation failed after routing occurred.

Note: In order to avoid this problem, configure the ip subnet-zero command in the NAT router. The command is enabled by default in Cisco IOS® Software Release 12.0. In earlier Cisco IOS software releases, it is not enabled by default. If the NAT is not configured properly when used with PAT, then NAT translation can fail. These are the NAT translation failure codes: 

 A = Inside to outside fails after routing
 B = Outside to inside fails before routing
 C = Outside to inside fails after routing 
 D = Helpered fails 
 L = Internally generated packet fails 
 E = Inside to outside fails after routing

Related Information

Revision History

Revision Publish Date Comments
1.0
28-Jan-2008
Initial Release

Was this Document Helpful?

FeedbackFeedback

Contact Cisco