From: Ng, Kim Seng David (David) (ksng@xxxxxxxxx)
Date: Wed Jun 26 2002 - 00:47:08 GMT-3
You are right. It works with a static to 197.7.6.0/24. I guess this is what the
flow for packets going from inside-to-outside interface:
1) Routing (based on outside local)
2) Translate outside local to outside global
3) Routing (again based on outside global)
Thanks
David
-----Original Message-----
From: Carlos G Mendioroz [mailto:tron@huapi.ba.ar]
Sent: Wednesday, June 26, 2002 1:17 AM
To: Ng, Kim Seng David (David)
Cc: ccielab@groupstudy.com
Subject: Re: NAT scenario problem
I think the problem lies in that you have no route to 197.7.6.0/24 at
R2.
And the inside to outside NAT happens after route determination.
Just try a static at R2 pointing to to0 and see...
Check http://www.cisco.com/warp/public/5Carlos,56/5.html
"Ng, Kim Seng David (David)" wrote:
>
> Hi Group,
>
> I tried some NAT scenarios today and one part did not work as I expected. I
> hope someone can help to verify. This is the config:
>
> R1-e0----------e0-R2-To0--------To0-R3-S0------------S0-R4-S1------------S0-R
> 5
>
> R1 & R2 on 10.1.0.0/16 network. On the same interface to R1, R2 has a
> secondary address of 197.7.9.0/24
>
> R2 & R3 on 197.7.8.0/24 network
>
> R3 & R4 on 197.7.7.0/24 network
>
> R4 & R5 on 10.2.0.0/16 network
>
> Routing protocol:
> - All except R1 is running EIGRP. On R2, EIGRP is also activated on secondary
> address 197.7.9.0 but we passive this interface which is to R1.
> - R1 has a static route to 197.7.0.0 via e0 of R2
>
> NAT config:
> All NAT are done on R2:
>
> ip nat inside source static 10.1.1.6 197.7.9.5 -> 10.1.1.6 is IP add
on R1's
> e0 interface
> ip nat outside source static 10.2.2.4 197.7.6.2 ->10.2.2.4 is IP add
on R5's
> s0 interface
>
> R2 e0 is configured "ip nat inside"
> R2 To0 is configured "ip nat outside"
>
> Testing:
>
> From R1, I ping R4 s0 interface with no problem. The following is the debug i
p
> nat.
>
> 08:18:26: NAT*: s=10.1.1.6->197.7.9.5, d=197.7.7.3 [1786]
> 08:18:26: NAT*: s=197.7.7.3, d=197.7.9.5->10.1.1.6 [1786]
> 08:18:26: NAT*: s=10.1.1.6->197.7.9.5, d=197.7.7.3 [1787]
> 08:18:26: NAT*: s=197.7.7.3, d=197.7.9.5->10.1.1.6 [1787]
> 08:18:27: NAT*: s=10.1.1.6->197.7.9.5, d=197.7.7.3 [1788]
>
> However, when I tried to ping 197.7.6.2 (outside local address) from R1, R2
> did not does not translate the address from 197.7.6.2 to 10.2.2.4 even though
> I already specified it to translate to 10.2.2.4 as stated above. R1 will
> report "unreachable" in it's ping result as R2 does not have 197.7.6.0 in it'
s
> routing table. My question is why R2 does not translate that address?? Is
> there a missing command?
>
> Next I ping 197.7.9.5 which is the inside-global of R1's e0 interface from R5
.
> The following is the debug ip NAT translation as well as IP packet at R2.
>
> 08:28:39: NAT*: s=10.2.2.4->197.7.6.2, d=197.7.9.5 [1023]
> 08:28:39: NAT*: s=197.7.6.2, d=197.7.9.5->10.1.1.6 [1023]
> 08:28:39: IP: NAT enab = 1 trans = 0 flags = 80
> 08:28:39: IP: s=10.1.1.6 (Serial1), d=197.7.6.2, len 100, unroutable
> 08:28:39: IP: s=10.1.1.2 (local), d=10.1.1.6 (Serial1), len 56, sending
> 08:28:41: NAT*: s=10.2.2.4->197.7.6.2, d=197.7.9.5 [1024]
> 08:28:41: NAT*: s=197.7.6.2, d=197.7.9.5->10.1.1.6 [1024]
> 08:28:41: IP: NAT enab = 1 trans = 0 flags = 80
> 08:28:41: IP: s=10.1.1.6 (Serial1), d=197.7.6.2, len 100, unroutable
> 08:28:41: IP: s=10.1.1.2 (local), d=10.1.1.6 (Serial1), len 56, sending
>
> It showed that 10.2.2.4 got translated only one way. R2 did not translate the
> 197.7.6.2 to 10.2.2.4 in the return path even though it did in the forward
> path.
>
> Hope someone can advice where I may have gone wrong.
>
> Thanks
> David
This archive was generated by hypermail 2.1.4 : Tue Jul 02 2002 - 08:12:41 GMT-3