Try "show ip nat translations" instead (if too much, add " | i 218.233.198.25" to that).
You'll get a raw output on the source and destination. Chances are these will match up to your static translation with 172.30.50.207. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Spencer Barnes Sent: Tuesday, February 26, 2008 09:34 To: cisco-nsp@puck.nether.net Subject: [c-nsp] Not Understanding How External IPs Are Appearing In Show IPNAT Statistics Output Hello, I'm seeing something I don't understand in the output of the show ip nat statistics command. Our border router has two interfaces, a DS3 and an uplink to our core router. The border router is running NAT on the uplink interface to allow particular LAN users access through the DS3 on one external IP. Here is the NAT config: ip nat translation timeout 28800 ip nat translation tcp-timeout 3600 ip nat translation max-entries all-host 300 ip nat pool poolone xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx netmask 255.255.255.192 ip nat inside source list 110 pool poolone overload ip nat inside source static 172.30.50.207 xxx.xxx.xxx.xxx access-list 110 remark ----NAT Rules---- access-list 110 deny ip 172.30.50.0 0.0.0.255 172.30.100.0 0.0.0.255 access-list 110 permit ip 172.30.50.0 0.0.0.255 any access-list 110 permit ip host 192.168.60.10 any access-list 110 permit ip host 192.168.60.11 any access-list 110 permit ip host 192.168.60.22 any access-list 110 permit ip host 192.168.60.30 any access-list 110 permit ip host 192.168.60.31 any access-list 110 permit ip host 192.168.60.115 any access-list 110 permit ip host 192.168.60.94 any access-list 110 permit ip host 192.168.60.95 any access-list 110 permit ip host 192.168.60.96 any access-list 110 permit ip host 192.168.60.97 any access-list 110 permit ip host 192.168.60.98 any show ip nat statistics command output: xxxxxx#show ip nat statistics Total active translations: 387 (1 static, 386 dynamic; 386 extended) Outside interfaces: Serial1/0 Inside interfaces: FastEthernet2/0 Hits: 135555 Misses: 3730 CEF Translated packets: 139179, CEF Punted packets: 234 Expired translations: 3271 Dynamic mappings: -- Inside Source [Id: 1] access-list 110 pool poolone refcount 386 pool poolone: netmask 255.255.255.192 start xxx.xxx.xxx.xxx end xxx.xxx.xxx.xxx type generic, total addresses 1, allocated 1 (100%), misses 0 nat-limit statistics: All Host Max allowed: 300 host 172.30.50.128: max allowed 512, used 1, missed 0 host 219.153.40.149: max allowed 512, used 0, missed 0 host 172.30.50.131: max allowed 300, used 5, missed 0 host 192.168.60.94: max allowed 512, used 0, missed 0 host 192.168.60.95: max allowed 512, used 0, missed 0 host 218.234.41.8: max allowed 512, used 0, missed 0 host 221.7.183.84: max allowed 512, used 0, missed 0 host 172.30.50.196: max allowed 512, used 0, missed 0 host 172.30.50.201: max allowed 512, used 0, missed 0 host 192.168.60.10: max allowed 512, used 0, missed 0 host 192.168.60.11: max allowed 512, used 0, missed 0 host 222.161.2.23: max allowed 300, used 0, missed 0 host 123.123.236.129: max allowed 512, used 0, missed 0 host 137.78.158.42: max allowed 512, used 0, missed 0 host 172.30.50.5: max allowed 512, used 6, missed 0 host 218.63.236.143: max allowed 300, used 0, missed 0 host 172.30.50.9: max allowed 512, used 0, missed 0 host 172.30.50.21: max allowed 512, used 3, missed 0 host 172.30.50.22: max allowed 512, used 0, missed 0 host 172.30.50.23: max allowed 512, used 2, missed 0 host 172.30.50.24: max allowed 512, used 3, missed 0 host 172.30.50.25: max allowed 512, used 4, missed 0 host 121.14.136.101: max allowed 512, used 0, missed 0 host 218.3.134.250: max allowed 512, used 0, missed 0 host 172.30.50.41: max allowed 512, used 22, missed 0 host 88.247.81.84: max allowed 512, used 0, missed 0 host 172.30.50.105: max allowed 512, used 1, missed 0 host 218.233.198.25: max allowed 512, used 0, missed 0 host 58.221.252.230: max allowed 512, used 0, missed 0 Queued Packets: 0 The 172.30.50.0/24 subnet is used by our users. Why are IPs from external networks showing up in this output, such as 218.233.198.25 and 58.221.252.230? Shouldn't the only IPs in this command output be the ones I permitted via the ACL? Thank you for your help, Spencer _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/