unexpected behaviour or NAT or i am overlooking

From: Ahmed Mamoor Amimi (mamoor@xxxxxxxx)
Date: Fri Feb 22 2002 - 18:09:51 GMT-3

   
Hi,
    I have very very simple NAT :
        (inside)R1---------------(e0)R2(NAT)(e1)-----------R3(outside)
R2 : 192.168.1.1 ---> e0
       10.10.10.1 -----> e1
R2 : 192.168.1.2
R3 : 10.10.10.2

At R2 i have stated :
ip nat inside static 192.168.1.2 10.10.10.10
When ever ip add 192.168.1.2 comes translate it to 10.10.10.10

ip nat outside static 10.10.10.2 192.168.1.100
When ever ip add 10.10.10.2 comes translate it to 192.168.1.100

R1 and R3 are having a default route to R2.

When i ping from R1 it is successful and translation occur.
    As R1 is inside so routing first occur then translation.

When i ping from R3 it is not successful but translation occur
    As R3 is outside translation occur then routing.

R3 is sending the packet to R1 and R1 is reciveing it as a source of
192.168.1.100, as NAT translate from 10.10.10.2 --> 192.168.1.100
And R1 is also send the packet to destination of 192.168.1.100 but when R2
recive it , it returns the packet to the same ethernet and dont let to packet
been return translated to 10.10.10.2 as 192.168.1.100 --> 10.10.10.2

here is the debug of R1 when i ping from R3
r1#
01:23:43: IP: s=192.168.1.100 (Ethernet0), d=192.168.1.2, len 100, rcvd 1
01:23:43: ICMP type=8, code=0
01:23:43: IP: s=192.168.1.2 (local), d=192.168.1.100 (Ethernet0), len 100,
sendi
ng
01:23:43: ICMP type=0, code=0
r1#
01:23:45: IP: s=192.168.1.100 (Ethernet0), d=192.168.1.2, len 100, rcvd 1
01:23:45: ICMP type=8, code=0
01:23:45: IP: s=192.168.1.2 (local), d=192.168.1.100 (Ethernet0), len 100,
sendi
ng
01:23:45: ICMP type=0, code=0

it is clearing saying that it is reciving the ping from 192.168.1.100 and then
sending back to it but when R2 gets it packet it say :

01:16:12: IP: s=192.168.1.2 (Ethernet0), d=192.168.1.100 (Ethernet0), len 100,
r
cvd 3
01:16:12: ICMP type=0, code=0
01:16:12:
framer7#
01:16:14: IP: s=192.168.1.2 (Ethernet0), d=192.168.1.100 (Ethernet0), len 100,
r
cvd 3
01:16:14: ICMP type=0, code=0

it is clear that R2 is recives the packet from R1 then it return the packet to
ethernet 0 .

........
The funny thing is that when i directly ping from R1 to address 192.168.1.100
then it succeed.
here is the debug of R2 :

01:31:32: ICMP type=0, code=0
01:31:32:
01:31:33: IP: s=192.168.1.2 (Ethernet0), d=192.168.1.100 (Ethernet0), len 100,
r
cvd 3
01:31:33: ICMP type=8, code=0
01:31:33:
01:31:33: IP: s=192.168.1.100 (local), d=192.168.1.2 (Ethernet0), len 100,
sendi
ng
01:31:33: ICMP type=0, code=0
01:31:33:
01:31:33: IP: s=192.168.1.2 (Ethernet0), d=192.168.1.100 (Ethernet0), len 100,
r
cvd 3
01:31:33: ICMP type=8, code=0
01:31:33:
01:31:33: IP: s=192.168.1.100 (local), d=192.168.1.2 (Ethernet0), len 100,
sendi
ng
01:31:33: ICMP type=0, code=0

Summary : from R1 i can ping to R3 translated
                 from R3 i cant ping R1 translated
R1 is in inside
R3 is in outside

-Mamoor

This archive was generated by hypermail 2.1.4 : Thu Jun 20 2002 - 13:46:31 GMT-3