Re: unexpected behaviour or NAT or i am overlooking

From: Ahmed Mamoor Amimi (mamoor@xxxxxxxx)
Date: Fri Feb 22 2002 - 21:23:38 GMT-3


   
I think I got the answer.... It was just because when R3 pings R1,
R3's address is translated to 192.168.1.100. R2 gets
the packet and first translates, then routes (as R3 is on the outside network) ...
when on return from R1, R2 first ROUTEs then translates. So the point is
the route.... As the address 192.168.1.100 is in the same major network, that is
192.168.1.x, found on R2 ethernet 0, R2 just thinks that this packet belongs
to the same subnet, why should I pass it to E1.

I just configured it a different way, so that when R3's address is translated it
will translate to 2.2.2.2, but this also didn't work. After some
investigation I found that R2 is getting "non-routable 2.2.2.2", as on
return it will first "ROUTE THEN TRANSLATE" on the inside network. So I just put
a static route that you can find 2.2.2.2 on R3.... and you know what, everything
works fine.

The problem was that the translated addresses for R1 and R3 were from their
respective networks, that is, R1 was getting 10.10.10.10, which resides between
R2 and R3, and R3 was getting translated to 192.168.1.100, which is between R1
and R2.
My configs are all right, as this is the normal behaviour of NAT, so you
should watch out when translating: don't give the address from that target
network pool.

Also see :
http://www.cisco.com/warp/public/556/1.html
http://www.cisco.com/warp/public/556/2.html

-Mamoor

----- Original Message -----
From: George Hansen <HansenG@radiological.com>
To: <ccielab@groupstudy.com>
Cc: <mamoor@ieee.org>
Sent: Saturday, February 23, 2002 4:22 AM
Subject: Re: unexpected behaviour or NAT or i am overlooking

> What would make R2 generate the Ping response for address 192.168.1.100
> (see R2 debug s=192.168.1.100 (local))? I suspect there is something in your
> config on R2.
>
> George
>
> >>> "Ahmed Mamoor Amimi" <mamoor@ieee.org> 02/22/02 01:09PM >>>
> Hi,
> I have very very simple NAT :
> (inside)R1---------------(e0)R2(NAT)(e1)-----------R3(outside)
> R2 : 192.168.1.1 ---> e0
> 10.10.10.1 -----> e1
> R2 : 192.168.1.2
> R3 : 10.10.10.2
>
> At R2 I have stated :
> ip nat inside static 192.168.1.2 10.10.10.10
> Whenever ip add 192.168.1.2 comes, translate it to 10.10.10.10
>
> ip nat outside static 10.10.10.2 192.168.1.100
> Whenever ip add 10.10.10.2 comes, translate it to 192.168.1.100
>
> R1 and R3 are having a default route to R2.
>
> When I ping from R1 it is successful and translation occurs.
> As R1 is inside, routing occurs first, then translation.
>
> When I ping from R3 it is not successful but translation occurs.
> As R3 is outside, translation occurs, then routing.
>
>
> R3 is sending the packet to R1 and R1 is receiving it with a source of
> 192.168.1.100, as NAT translates from 10.10.10.2 --> 192.168.1.100
> And R1 is also sending the packet to a destination of 192.168.1.100, but when R2
> receives it, it returns the packet to the same ethernet and doesn't let the packet
> be returned translated to 10.10.10.2 as 192.168.1.100 --> 10.10.10.2
>
> here is the debug of R1 when i ping from R3
> r1#
> 01:23:43: IP: s=192.168.1.100 (Ethernet0), d=192.168.1.2, len 100, rcvd 1
> 01:23:43: ICMP type=8, code=0
> 01:23:43: IP: s=192.168.1.2 (local), d=192.168.1.100 (Ethernet0), len 100, sending
> 01:23:43: ICMP type=0, code=0
> r1#
> 01:23:45: IP: s=192.168.1.100 (Ethernet0), d=192.168.1.2, len 100, rcvd 1
> 01:23:45: ICMP type=8, code=0
> 01:23:45: IP: s=192.168.1.2 (local), d=192.168.1.100 (Ethernet0), len 100, sending
> 01:23:45: ICMP type=0, code=0
>
> it is clearly saying that it is receiving the ping from 192.168.1.100 and then
> sending back to it, but when R2 gets the packet it says :
>
> 01:16:12: IP: s=192.168.1.2 (Ethernet0), d=192.168.1.100 (Ethernet0), len 100, rcvd 3
> 01:16:12: ICMP type=0, code=0
> 01:16:12:
> framer7#
> 01:16:14: IP: s=192.168.1.2 (Ethernet0), d=192.168.1.100 (Ethernet0), len 100, rcvd 3
> 01:16:14: ICMP type=0, code=0
>
> it is clear that R2 receives the packet from R1, then it returns the packet to
> ethernet 0 .
>
> ........
> The funny thing is that when I directly ping from R1 to address 192.168.1.100
> then it succeeds.
> here is the debug of R2 :
>
> 01:31:32: ICMP type=0, code=0
> 01:31:32:
> 01:31:33: IP: s=192.168.1.2 (Ethernet0), d=192.168.1.100 (Ethernet0), len 100, rcvd 3
> 01:31:33: ICMP type=8, code=0
> 01:31:33:
> 01:31:33: IP: s=192.168.1.100 (local), d=192.168.1.2 (Ethernet0), len 100, sending
> 01:31:33: ICMP type=0, code=0
> 01:31:33:
> 01:31:33: IP: s=192.168.1.2 (Ethernet0), d=192.168.1.100 (Ethernet0), len 100, rcvd 3
> 01:31:33: ICMP type=8, code=0
> 01:31:33:
> 01:31:33: IP: s=192.168.1.100 (local), d=192.168.1.2 (Ethernet0), len 100, sending
> 01:31:33: ICMP type=0, code=0
>
>
> Summary : from R1 I can ping to R3 translated
> from R3 I can't ping R1 translated
> R1 is inside
> R3 is outside
>
>
> -Mamoor
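
Added example (not part of the original thread and not Cisco code): a small Python model of how R2 handles R1's reply, following the "route first, then translate" order described in the reply above. The interface roles (e0 inside, e1 outside) and the static route for 2.2.2.2 pointing out e1 are assumptions inferred from the thread's topology.

```python
import ipaddress

# Constructed model of R2 in the thread: connected networks and NAT interface roles.
CONNECTED = {"192.168.1.0/24": "e0", "10.10.10.0/24": "e1"}
OUTSIDE_IFACES = {"e1"}   # assumption: e1 is the NAT outside interface, e0 the inside
R3_REAL = "10.10.10.2"    # R3's real (outside global) address

def lookup(routes, dst):
    """Longest-prefix match; returns the egress interface or None."""
    best = None
    for prefix, iface in routes.items():
        net = ipaddress.ip_network(prefix)
        if ipaddress.ip_address(dst) in net:
            if best is None or net.prefixlen > best[0]:
                best = (net.prefixlen, iface)
    return best[1] if best else None

def return_path(outside_local, static_routes=None):
    """Follow R1's reply (destination = R3's translated address) through R2.

    Inside-to-outside traffic is routed first; the destination is translated
    back to R3's real address only if routing picked an outside interface.
    Returns (egress interface or None, destination address on leaving R2).
    """
    routes = dict(CONNECTED)
    routes.update(static_routes or {})
    egress = lookup(routes, outside_local)
    if egress in OUTSIDE_IFACES:
        return egress, R3_REAL      # crossed inside -> outside: translated
    return egress, outside_local    # stayed inside or unroutable: untranslated

def describe(outside_local, static_routes=None):
    """Human-readable outcome for one choice of translated address."""
    egress, dst = return_path(outside_local, static_routes)
    if egress is None:
        return f"{outside_local}: not routable on R2, reply dropped"
    if dst == R3_REAL:
        return f"{outside_local}: out {egress}, translated to {dst}, reaches R3"
    return f"{outside_local}: out {egress} untranslated, never reaches R3"

if __name__ == "__main__":
    print(describe("192.168.1.100"))                  # first attempt in the thread
    print(describe("2.2.2.2"))                        # second attempt, no route
    print(describe("2.2.2.2", {"2.2.2.2/32": "e1"}))  # second attempt plus static route
```
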



This archive was generated by hypermail 2.1.4 : Thu Jun 20 2002 - 13:46:31 GMT-3