NAT on a stick

From: Hunt Lee (ciscoforme3@yahoo.com.au)
Date: Sat Nov 09 2002 - 09:08:48 GMT-3

• Next message: Franck ccie: "Regular expression for BGP"
• Previous message: Hedi Abdelkafi: "Enabling RTP Compression of PTP Frame-Relay interface"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi All,

I'm trying to configure NAT on a stick. My config and outputs look like below. The
requirements are:

1) HostA, behind R1, needs to communicate with HostB behind R3 using their Global
addresses

2) Traffic between these hosts must be sent through NATrouter.

Question is, even though HostA & HostB can ping each other on their respective
Global IPs, when i'm doing the trace, it shows that 2 extra hops have been incurred
in the middle of the trace.

Any ideas

         
        Loopback (5.5.5.1/30 - IP Nat Outside)
           -------
              |
          NATrouter (fa0/0 -1.1.1.2/24 - IP Nat Inside)
              |
   ------------------------ (Ethernet)
   | |
   | 1.1.1.1/24 | 1.1.1.3/24
   | |
  R1 R3
   | 10.10.10.2/24 | 20.20.20.2/24
   | |
   | |
  HostA HostB
10.10.10.1/24 20.20.20.1/24

At R2:-

interface Loopback0
 ip address 5.5.5.1 255.255.255.252
 ip nat outside
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0
 ip address 1.1.1.2 255.255.255.0
 no ip redirects
 ip nat inside
 no ip route-cache
 no ip mroute-cache
 ip policy route-map haha
 speed 100
 full-duplex

ip nat inside source static 10.10.10.1 100.100.100.1
ip nat inside source static 20.20.20.1 200.200.200.1

ip route 10.0.0.0 255.0.0.0 1.1.1.1
ip route 20.0.0.0 255.0.0.0 1.1.1.3
ip route 100.100.100.1 255.255.255.255 1.1.1.1
ip route 200.200.200.1 255.255.255.255 1.1.1.3

access-list 101 permit ip host 10.10.10.1 any
access-list 101 permit ip any host 100.100.100.1
access-list 101 permit ip host 20.20.20.1 any
access-list 101 permit ip any host 200.200.200.1

route-map haha permit 10
 match ip address 101
 set ip next-hop 5.5.5.2

********* Pings works for HostA to HostB, as wall as HostB back to Host A with the
Global IPs ******

HostA#ping 200.200.200.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.200.200.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 68/74/88 ms
HostA#

HostB#ping 100.100.100.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 68/74/88 ms
HostB#

****** And the NAT translation also looks fine on "debug ip nat" ********

Nov 9 21:59:01.335 UTC: NAT: s=10.10.10.1->100.100.100.1, d=200.200.200.1 [105]
Nov 9 21:59:01.339 UTC: NAT: s=100.100.100.1, d=200.200.200.1->20.20.20.1 [105]
Nov 9 21:59:01.375 UTC: NAT: s=20.20.20.1->200.200.200.1, d=100.100.100.1 [105]
Nov 9 21:59:01.379 UTC: NAT: s=200.200.200.1, d=100.100.100.1->10.10.10.1 [105]
Nov 9 21:59:01.419 UTC: NAT: s=10.10.10.1->100.100.100.1, d=200.200.200.1 [106]
Nov 9 21:59:01.423 UTC: NAT: s=100.100.100.1, d=200.200.200.1->20.20.20.1 [106]
Nov 9 21:59:01.459 UTC: NAT: s=20.20.20.1->200.200.200.1, d=100.100.100.1 [106]
Nov 9 21:59:01.463 UTC: NAT: s=200.200.200.1, d=100.100.100.1->10.10.10.1 [106]
Nov 9 21:59:01.503 UTC: NAT: s=10.10.10.1->100.100.100.1, d=200.200.200.1 [107]
Nov 9 21:59:01.507 UTC: NAT: s=100.100.100.1, d=200.200.200.1->20.20.20.1 [107]
Nov 9 21:59:01.539 UTC: NAT: s=20.20.20.1->200.200.200.1, d=100.100.100.1 [107]
Nov 9 21:59:01.543 UTC: NAT: s=200.200.200.1, d=100.100.100.1->10.10.10.1 [107]
Nov 9 21:59:01.583 UTC: NAT: s=10.10.10.1->100.100.100.1, d=200.200.200.1 [108]
Nov 9 21:59:01.587 UTC: NAT: s=100.100.100.1, d=200.200.200.1->20.20.20.1 [108]
Nov 9 21:59:01.623 UTC: NAT: s=20.20.20.1->200.200.200.1, d=100.100.100.1 [108]
Nov 9 21:59:01.627 UTC: NAT: s=200.200.200.1, d=100.100.100.1->10.10.10.1 [108]
Nov 9 21:59:01.667 UTC: NAT: s=10.10.10.1->100.100.100.1, d=200.200.200.1 [109]
Nov 9 21:59:01.671 UTC: NAT: s=100.100.100.1, d=200.200.200.1->20.20.20.1 [109]
Nov 9 21:59:01.703 UTC: NAT: s=20.20.20.1->200.200.200.1, d=100.100.100.1 [109]
Nov 9 21:59:01.707 UTC: NAT: s=200.200.200.1, d=100.100.100.1->10.10.10.1 [109]

**** But if I try to do traceroutes, 2 extra hops appears in the middle of the
trace ****

HostA#trace 200.200.200.1

Type escape sequence to abort.
Tracing the route to 200.200.200.1

  1 R1 (10.10.10.2) 20 msec 28 msec 20 msec
  2 NATrouter (1.1.1.2) 24 msec 24 msec 24 msec
  3 R3 (1.1.1.3) 24 msec 28 msec 28 msec
  4 NATrouter (1.1.1.2) 24 msec 32 msec 28 msec
  5 R3 (1.1.1.3) 28 msec 32 msec 32 msec
  6 200.200.200.1 64 msec 52 msec *
HostA#

HostB#trace 100.100.100.1

Type escape sequence to abort.
Tracing the route to 100.100.100.1

  1 R3 (20.20.20.2) 24 msec 24 msec 24 msec
  2 NATrouter (1.1.1.2) 24 msec 28 msec 24 msec
  3 R1 (1.1.1.1) 28 msec 32 msec 32 msec
  4 NATrouter (1.1.1.2) 28 msec 32 msec 28 msec
  5 R1 (1.1.1.1) 32 msec 32 msec 32 msec
  6 100.100.100.1 48 msec 48 msec *
HostB#

Hunt

http://careers.yahoo.com.au - Yahoo! Careers
- 1,000's of jobs waiting online for you!

• Next message: Franck ccie: "Regular expression for BGP"
• Previous message: Hedi Abdelkafi: "Enabling RTP Compression of PTP Frame-Relay interface"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Dec 03 2002 - 07:22:55 GMT-3