「show run」と「show ip int brief」は「show ip nat translations」下記の通り
Router#show run
Building configuration...
Current configuration : 1258 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 192.168.96.254 255.255.254.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface Dialer1
mtu 1454
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname xxxx
ppp chap password 0 xxxx
!
ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 Dialer1 permanent
!
!
ip nat translation timeout 50
no ip nat service skinny tcp port 2000
ip nat inside source list 101 interface FastEthernet0/0 overload
!
access-list 101 permit ip 192.168.96.0 0.0.1.255 any
dialer-list 1 protocol ip permit
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
login
!
!
end
Router#show ip int brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES NVRAM up up
FastEthernet0/1 unassigned YES NVRAM administratively down down
FastEthernet1/0 192.168.96.254 YES manual up up
NVI0 unassigned NO unset up up
Virtual-Access1 unassigned YES unset up up
Virtual-Access2 unassigned YES unset up up
Dialer1 10.1.2.2 YES IPCP up up
Router#show ip nat translations
(↑何も表示されません)
デバッグ結果
Router#debug ip nat
IP NAT debugging is on
*Mar 1 00:50:34.659: NAT: translation failed (A), dropping packet s=192.168.96.1 d=10.1.3.254
*Mar 1 00:50:35.627: NAT: translation failed (A), dropping packet s=192.168.96.1 d=10.1.3.254
*Mar 1 00:50:36.631: NAT: translation failed (A), dropping packet s=192.168.96.1 d=10.1.3.254
*Mar 1 00:50:37.647: NAT: translation failed (A), dropping packet s=192.168.96.1 d=10.1.3.254
*Mar 1 00:50:38.655: NAT: translation failed (A), dropping packet s=192.168.96.1 d=10.1.3.254
CCOによると「ip subnet-zero」が設定されていないのが原因でないのかと。
でも、12.4はデフォルトでip subnet-zeroは有効になっているハズなので他に原因があるのかと。
で、よくconfigを見てみると
ip nat inside source list 101 interface FastEthernet0/0 overload
となっていて、
show ip int briefでIPアドレスが割り振られているインターフェースを確認するとDialer1になっている
もしかしてこれが原因かと思い、アドレス変換に使用するインターフェースを下記コマンドにて
「f0/0 → dia1」に変更
no ip nat inside source list 101 interface FastEthernet0/0 overload
ip nat inside source list 101 interface Dialer1 overload
アドレス変換対象のIPアドレスを持つホストからping中だったりすると下記メッセージが出るけど「yes」
Dynamic mapping in use, do you want to delete all entries? [no]: yes
設定変更後の「show ip nat translations」と「debug ip nat」
Router#show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 10.1.2.2:63238 192.168.96.1:63238 10.1.3.254:63238 10.1.3.254:63238
Router#debug ip nat
IP NAT debugging is on
*Mar 1 02:10:37.355: NAT*: s=192.168.96.1->10.1.2.2, d=10.1.3.254 [0]
*Mar 1 02:10:37.379: NAT*: s=10.1.3.254, d=10.1.2.2->192.168.96.1 [0]
*Mar 1 02:10:38.355: NAT*: s=192.168.96.1->10.1.2.2, d=10.1.3.254 [0]
*Mar 1 02:10:38.391: NAT*: s=10.1.3.254, d=10.1.2.2->192.168.96.1 [0]
*Mar 1 02:10:39.363: NAT*: s=192.168.96.1->10.1.2.2, d=10.1.3.254 [0]
*Mar 1 02:10:39.391: NAT*: s=10.1.3.254, d=10.1.2.2->192.168.96.1 [0]
*Mar 1 02:10:40.355: NAT*: s=192.168.96.1->10.1.2.2, d=10.1.3.254 [0]
*Mar 1 02:10:40.399: NAT*: s=10.1.3.254, d=10.1.2.2->192.168.96.1 [0]
*Mar 1 02:10:41.379: NAT*: s=192.168.96.1->10.1.2.2, d=10.1.3.254 [0]
*Mar 1 02:10:41.431: NAT*: s=10.1.3.254, d=10.1.2.2->192.168.96.1 [0]
*Mar 1 02:10:42.367: NAT*: s=192.168.96.1->10.1.2.2, d=10.1.3.254 [0]
*Mar 1 02:10:42.411: NAT*: s=10.1.3.254, d=10.1.2.2->192.168.96.1 [0]
上記の事から、仮想インターフェースに紐づけられている物理インターフェースといえどもIPアドレスが振られていないインターフェースを指定するとアドレス変換に失敗するみたいです
ちなみに、translation failed ( )の中の意味(CCOより抜粋)
A = Inside to outside fails after routing
B = Outside to inside fails before routing
C = Outside to inside fails after routing
D = Helpered fails
L = Internally generated packet fails
E = Inside to outside fails after routing
以上となります