RE: unexpected behaviour or NAT or i am overlooking

From: Phil (ciscostudent1@xxxxxxxxxxxx)
Date: Fri Mar 01 2002 - 22:36:21 GMT-3

• Next message: Nick Shah: "Re: ISDN BRI back to back"
• Previous message: Chua, Parry: "RE: SRB RIF question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
 It's not an unexpected behavior of NAT, it's the way it's supposed to behave.Y
ou should not be using the statement "ip nat outside static 10.10.10.2 192.168.
1.100 in this scenario. Everything will work fine with only the "ip nat inside"
 statement. You only use the "ip nat outside" if you have the same networks run
ning on the inside and on the outside.
You can read the statements as:
ip nat inside source static 192.168.1.2 10.10.10.10 : packet going from inside
to outside translate source address from 192.168.1.2 to 10.10.10.10, packet goi
ng from inside to outside translate destination address from 10.10.10.10 to 192
.168.1.2. When the packet arrives in the outside network it has a source addres
s of 10.10.10.10 and it's local for the network, then 10.10.10.2 replies and li
fe is good.
ip nat outside source static 10.10.10.2 192.168.1.100 : packet going from outsi
de to inside translate source addres from 10.10.10.2 to 192.168.1.100, packet g
oing from inside to outside translate destination address from 192.168.1.100 to
 10.10.10.2. When the packet arrives in the inside it has a source address of 1
92.168.1.100, then when R1 replies the destination address belongs to the same
subnet (192.168.1.0), because inside routes first, it sends back to the etherne
t.
Phil
  "Narvaez, Pablo" <Pablo.Narvaez@getronics.com> escreveu: Mammor, I'm just hav
ing the same problem you described below ..... Same behaviour, same situation,
same scenario .... did you figure out how to fix that? .. did you get to ping f
rom r3 to r1?

-----Original Message-----
From: Ahmed Mamoor Amimi [mailto:mamoor@ieee.org]
Sent: Viernes, 22 de Febrero de 2002 03:10 p.m.
To: ccielab@groupstudy.com
Subject: unexpected behaviour or NAT or i am overlooking

Hi,
I have very very simple NAT :
(inside)R1---------------(e0)R2(NAT)(e1)-----------R3(outside)
R2 : 192.168.1.1 ---> e0
10.10.10.1 -----> e1
R2 : 192.168.1.2
R3 : 10.10.10.2

At R2 i have stated :
ip nat inside static 192.168.1.2 10.10.10.10
When ever ip add 192.168.1.2 comes translate it to 10.10.10.10

ip nat outside static 10.10.10.2 192.168.1.100
When ever ip add 10.10.10.2 comes translate it to 192.168.1.100

R1 and R3 are having a default route to R2.

When i ping from R1 it is successful and translation occur.
As R1 is inside so routing first occur then translation.

When i ping from R3 it is not successful but translation occur
As R3 is outside translation occur then routing.

R3 is sending the packet to R1 and R1 is reciveing it as a source of
192.168.1.100, as NAT translate from 10.10.10.2 --> 192.168.1.100
And R1 is also send the packet to destination of 192.168.1.100 but when R2
recive it , it returns the packet to the same ethernet and dont let to packet
been return translated to 10.10.10.2 as 192.168.1.100 --> 10.10.10.2

here is the debug of R1 when i ping from R3
r1#
01:23:43: IP: s=192.168.1.100 (Ethernet0), d=192.168.1.2, len 100, rcvd 1
01:23:43: ICMP type=8, code=0
01:23:43: IP: s=192.168.1.2 (local), d=192.168.1.100 (Ethernet0), len 100,
sendi
ng
01:23:43: ICMP type=0, code=0
r1#
01:23:45: IP: s=192.168.1.100 (Ethernet0), d=192.168.1.2, len 100, rcvd 1
01:23:45: ICMP type=8, code=0
01:23:45: IP: s=192.168.1.2 (local), d=192.168.1.100 (Ethernet0), len 100,
sendi
ng
01:23:45: ICMP type=0, code=0

it is clearing saying that it is reciving the ping from 192.168.1.100 and then
sending back to it but when R2 gets it packet it say :

01:16:12: IP: s=192.168.1.2 (Ethernet0), d=192.168.1.100 (Ethernet0), len 100,
r
cvd 3
01:16:12: ICMP type=0, code=0
01:16:12:
framer7#
01:16:14: IP: s=192.168.1.2 (Ethernet0), d=192.168.1.100 (Ethernet0), len 100,
r
cvd 3
01:16:14: ICMP type=0, code=0

it is clear that R2 is recives the packet from R1 then it return the packet to
ethernet 0 .

........
The funny thing is that when i directly ping from R1 to address 192.168.1.100
then it succeed.
here is the debug of R2 :

01:31:32: ICMP type=0, code=0
01:31:32:
01:31:33: IP: s=192.168.1.2 (Ethernet0), d=192.168.1.100 (Ethernet0), len 100,
r
cvd 3
01:31:33: ICMP type=8, code=0
01:31:33:
01:31:33: IP: s=192.168.1.100 (local), d=192.168.1.2 (Ethernet0), len 100,
sendi
ng
01:31:33: ICMP type=0, code=0
01:31:33:
01:31:33: IP: s=192.168.1.2 (Ethernet0), d=192.168.1.100 (Ethernet0), len 100,
r
cvd 3
01:31:33: ICMP type=8, code=0
01:31:33:
01:31:33: IP: s=192.168.1.100 (local), d=192.168.1.2 (Ethernet0), len 100,
sendi
ng
01:31:33: ICMP type=0, code=0

Summary : from R1 i can ping to R3 translated
from R3 i cant ping R1 translated
R1 is in inside
R3 is in outside

-Mamoor

• Next message: Nick Shah: "Re: ISDN BRI back to back"
• Previous message: Chua, Parry: "RE: SRB RIF question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:56:50 GMT-3