NAT scenario problem

From: Ng, Kim Seng David (David) (ksng@xxxxxxxxx)
Date: Tue Jun 25 2002 - 13:03:07 GMT-3

• Next message: David Wolsefer: "RE: My lab experience"
• Previous message: Martin, Chris: "Re: My lab experience"
• Next in thread: Carlos G Mendioroz: "Re: NAT scenario problem"
• Maybe reply: Carlos G Mendioroz: "Re: NAT scenario problem"
• Maybe reply: Ng, Kim Seng David (David): "RE: NAT scenario problem"
• Maybe reply: Carlos G Mendioroz: "Re: NAT scenario problem"
• Maybe reply: li jian hua: "Re: NAT scenario problem"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Hi Group,

I tried some NAT scenarios today and one part did not work as I expected. I
hope someone can help to verify. This is the config:

R1-e0----------e0-R2-To0--------To0-R3-S0------------S0-R4-S1------------S0-R
5

R1 & R2 on 10.1.0.0/16 network. On the same interface to R1, R2 has a
secondary address of 197.7.9.0/24

R2 & R3 on 197.7.8.0/24 network

R3 & R4 on 197.7.7.0/24 network

R4 & R5 on 10.2.0.0/16 network

Routing protocol:
- All except R1 is running EIGRP. On R2, EIGRP is also activated on secondary
address 197.7.9.0 but we passive this interface which is to R1.
- R1 has a static route to 197.7.0.0 via e0 of R2

NAT config:
All NAT are done on R2:

ip nat inside source static 10.1.1.6 197.7.9.5 -> 10.1.1.6 is IP add o
n R1's
e0 interface
ip nat outside source static 10.2.2.4 197.7.6.2 ->10.2.2.4 is IP add on
 R5's
s0 interface

R2 e0 is configured "ip nat inside"
R2 To0 is configured "ip nat outside"

Testing:

>From R1, I ping R4 s0 interface with no problem. The following is the debug ip
nat.

08:18:26: NAT*: s=10.1.1.6->197.7.9.5, d=197.7.7.3 [1786]
08:18:26: NAT*: s=197.7.7.3, d=197.7.9.5->10.1.1.6 [1786]
08:18:26: NAT*: s=10.1.1.6->197.7.9.5, d=197.7.7.3 [1787]
08:18:26: NAT*: s=197.7.7.3, d=197.7.9.5->10.1.1.6 [1787]
08:18:27: NAT*: s=10.1.1.6->197.7.9.5, d=197.7.7.3 [1788]

However, when I tried to ping 197.7.6.2 (outside local address) from R1, R2
did not does not translate the address from 197.7.6.2 to 10.2.2.4 even though
I already specified it to translate to 10.2.2.4 as stated above. R1 will
report "unreachable" in it's ping result as R2 does not have 197.7.6.0 in it's
routing table. My question is why R2 does not translate that address?? Is
there a missing command?

Next I ping 197.7.9.5 which is the inside-global of R1's e0 interface from R5.
The following is the debug ip NAT translation as well as IP packet at R2.

08:28:39: NAT*: s=10.2.2.4->197.7.6.2, d=197.7.9.5 [1023]
08:28:39: NAT*: s=197.7.6.2, d=197.7.9.5->10.1.1.6 [1023]
08:28:39: IP: NAT enab = 1 trans = 0 flags = 80
08:28:39: IP: s=10.1.1.6 (Serial1), d=197.7.6.2, len 100, unroutable
08:28:39: IP: s=10.1.1.2 (local), d=10.1.1.6 (Serial1), len 56, sending
08:28:41: NAT*: s=10.2.2.4->197.7.6.2, d=197.7.9.5 [1024]
08:28:41: NAT*: s=197.7.6.2, d=197.7.9.5->10.1.1.6 [1024]
08:28:41: IP: NAT enab = 1 trans = 0 flags = 80
08:28:41: IP: s=10.1.1.6 (Serial1), d=197.7.6.2, len 100, unroutable
08:28:41: IP: s=10.1.1.2 (local), d=10.1.1.6 (Serial1), len 56, sending

It showed that 10.2.2.4 got translated only one way. R2 did not translate the
197.7.6.2 to 10.2.2.4 in the return path even though it did in the forward
path.

Hope someone can advice where I may have gone wrong.

Thanks
David

• Next message: David Wolsefer: "RE: My lab experience"
• Previous message: Martin, Chris: "Re: My lab experience"
• Next in thread: Carlos G Mendioroz: "Re: NAT scenario problem"
• Maybe reply: Carlos G Mendioroz: "Re: NAT scenario problem"
• Maybe reply: Ng, Kim Seng David (David): "RE: NAT scenario problem"
• Maybe reply: Carlos G Mendioroz: "Re: NAT scenario problem"
• Maybe reply: li jian hua: "Re: NAT scenario problem"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Jul 02 2002 - 08:12:41 GMT-3