From: Hunt Lee (ciscoforme3@yahoo.com.au)
Date: Sat Nov 02 2002 - 02:47:56 GMT-3
Allen, Carlos,
Thanks so much for you guys' help, I finally got it to work today, YAY ;)
I had to put the "no ip route-cache" on the interface connecting to that
next-hop (at Serial 0/1 of hub pointing to RTC), and everything starts to fly
afterwards.
Regards,
H.
--- Carlos G Mendioroz <tron@huapi.ba.ar> wrote:
> Hunt, Allen:
>
> I've just labbed this and I think he (we?) have met a bug.
> The thing "working" sometimes just got my attention (and yours, Allen)
> because I've sometimes run into this kind of problem.
>
> Facts:
> -problem happens when "next-hop" is used in route-map
> and cisco says this is supported at
> http://www.cisco.com/warp/public/cc/pd/iosw/ioft/ionetn/prodlit/1195_pp.htm
> -it works the first time, and continues to work until translation
> invalidation
> -it then does not work, but you can make it work again by
> "clear ip cache"
>
> But:
> -it behaves the same even after turning "no ip route-cache" on
> the ethernet !?!?
>
> (This is strange to me; last time I ran into something similar,
> no ip route-cache solved it.)
>
> FTR, I'm using c2600-jk9o3s-mz.122-10b.bin in the hub.
>
>
> McClure, Allen wrote:
> > Try entering "no ip route-cache" on the interfaces with policy routing.
> > It's possible that you are fast switching packets and your policy
> > routing isn't seeing them. By process switching them, you ensure
> > that policy is applied.
> >
> > Alternatively, you may be able to enable fast-switched policy routing,
> > but be aware that it doesn't work for set next-hop or set default.
> >
> > Just a guess. Hope this helps.
> >
> > Allen McClure
> > MCSE, CCNP, CCDP
> > YUM! Brands, Inc.
> > Sr. Network Analyst
> > NEW E-Mail - mailto:allen.mcclure@yum.com
> > 972-338-7494
> >
> >
> > -----Original Message-----
> > From: Hunt Lee [mailto:ciscoforme3@yahoo.com.au]
> > Sent: Friday, November 01, 2002 5:19 AM
> > To: Deepesh Chouhan
> > Cc: ccielab@groupstudy.com
> > Subject: RE: NAT translation problem
> >
> >
> > Hi Deepesh,
> >
> > That's what I thought too. According to CCO
> > http://www.cisco.com/warp/public/556/5.html , for inside to outside,
> > routing should always take place before NAT.
> >
> > However, from my test lab, it seems that if I use "match ip next-hop",
> > only the first try got successful NAT, but any subsequent tries are not
> > working. But if I power cycle all the routers, it would work again for
> > another try.
> >
> > Please see below...
> >
> > I have a router called testrouter on the inside network (with IP
> > 10.1.1.12)
> >
> > testrouter#ping 207.36.65.254
> >
> > Type escape sequence to abort.
> > Sending 5, 100-byte ICMP Echos to 207.36.65.254, timeout is 2 seconds:
> > !!!!!
> > Success rate is 100 percent (5/5), round-trip min/avg/max = 32/32/36 ms
> > testrouter#
> >
> >
> > RTA#sh ip nat translations
> > Pro  Inside global      Inside local       Outside local       Outside global
> > icmp 207.36.76.2:4643   10.1.1.12:4643     207.36.65.254:4643  207.36.65.254:4643
> > RTA#
> >
> >
> > ******** so the first go works, now wait for the NAT translation timeout
> > *****
> >
> > *Mar 1 00:15:09.927 UTC: NAT: expiring 207.36.76.2 (10.1.1.12) icmp
> > 4643(4643)
> >
> >
> > ******** and if I try again from testrouter to initiate packets to
> > outside ****
> >
> > testrouter#ping 207.36.65.254
> >
> > Type escape sequence to abort.
> > Sending 5, 100-byte ICMP Echos to 207.36.65.254, timeout is 2 seconds:
> > !!!!!
> > Success rate is 100 percent (5/5), round-trip min/avg/max = 32/33/36 ms
> > testrouter#
> >
> >
> >
> > RTA#sh ip nat translations
> >
> > RTA#
> >
> > ************* It is not getting translated anymore... **********
> >
> >
> > Cheers,
> > H.
> >
> >
> > --- Deepesh Chouhan <deepesh@cisco.com> wrote:
> >>Hi
> >
> >>For inside: NAT always routes the packet and then NATs them. So I
> >>guess match ip next hop will work for every packet
> >>
> >>thanks
> >>deepesh
> >>
> >>
> >>
> >>>-----Original Message-----
> >>>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf
> >>>Of Hunt Lee
> >>>Sent: Thursday, October 31, 2002 7:57 PM
> >>>To: 'David C Prall'
> >>>Cc: 'ccielab@groupstudy.com'
> >>>Subject: RE: NAT translation problem
> >>>
> >>>
> >>>Then if the requirement says that I can't use "match ip address" nor
> >>>"match interface", then does anyone know how to achieve this??
> >>>
> >>>The only one I can think of is "match ip next-hop", yet NAT only
> >>>works on the first few packets (which I couldn't understand). Has
> >>>anybody else had this problem before??
> >>>
> >>>br2.offline(config-route-map)#match ip next-hop ?
> >>> <1-99> IP access-list number
> >>> <1300-1999> IP access-list number (expanded range)
> >>> WORD IP standard access-list name
> >>> prefix-list Match entries of prefix-lists
> >>> <cr>
> >>>
> >>>Hunt
> >>>
> >>>
> >>>-----Original Message-----
> >>>From: David C Prall [mailto:dcp@dcptech.com]
> >>>Sent: Friday, 1 November 2002 12:49 PM
> >>>To: CCIE Lab Groupstudy.Com
> >>>Subject: RE: NAT translation problem
> >>>
> >>>
> >>>You need to use an extended access-list within your route-map that
> >>>defines the destination addresses. And you'll only need the match ip
> >>>address.
> >>>
> >>>http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093fca.shtml
> >>>
> >>>--
> >>>David C Prall dcp@dcptech.com http://dcp.dcptech.com
> >>>
> >>>
> >>>>-----Original Message-----
> >>>>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On
> >>>>Behalf Of Hunt Lee
> >>>>Sent: Thursday, October 31, 2002 9:14 PM
> >>>>To: 'ccielab@groupstudy.com'
> >>>>Subject: NAT translation problem
> >>>>
> >>>>
> >>>>I have configured a 3-router EBGP setup (see picture below). What I
> >>>>am trying to achieve is that when a packet is forwarded to RTB, the
> >>>>packet will have a source address from 205.113.50.0/23; when a packet
> >>>>is forwarded to RTC, the packet must have a source address of
> >>>>207.36.76.0/23.
> >>>>
> >>>>For going to RTB, I based this on saying if the outgoing interface
> >>>>for the packet is s0/0 (the int to RTB), then this packet must be
> >>>>for RTB (hence NAT range 205.113.50.0/23).
> >>>>
> >>>>As for going to RTC, I based this on if the Next-Hop IP for the
> >>>>packet is 207.36.65.254, then this packet destination must be for
> >>>>RTC (hence NAT range 207.36.76.0/23).
> >>>>
> >>>>RTB RTC
>
=== message truncated ===
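
The setup discussed in this thread, sketched as an IOS configuration for the hub (RTA). This is an added example, not configuration posted by any participant: the route-map, pool and access-list names, the pool address ranges, and the inside interface name are assumptions; the subnets, the next-hop address, the two serial interfaces, and the placement of "no ip route-cache" come from the messages above.

```cisco
! Inside interface (name assumed; the thread only says the inside
! host testrouter is 10.1.1.12)
interface Ethernet0/0
 ip nat inside
!
! Link to RTB: selected in the route-map by outgoing interface
interface Serial0/0
 ip nat outside
!
! Link to RTC: selected in the route-map by next-hop.
! "no ip route-cache" here is the change Hunt reports as the fix;
! it forces process switching on this interface, which costs CPU.
interface Serial0/1
 ip nat outside
 no ip route-cache
!
! Pools carved from the two /23 ranges named in the thread
! (start/end addresses are constructed for illustration)
ip nat pool TO_RTB 205.113.50.1 205.113.51.254 prefix-length 23
ip nat pool TO_RTC 207.36.76.1 207.36.77.254 prefix-length 23
!
! One NAT rule per exit, each gated by its own route-map
ip nat inside source route-map NAT_RTB pool TO_RTB
ip nat inside source route-map NAT_RTC pool TO_RTC
!
! Standard ACL naming the next-hop toward RTC
access-list 1 permit 207.36.65.254
!
route-map NAT_RTB permit 10
 match interface Serial0/0
!
route-map NAT_RTC permit 10
 match ip next-hop 1
!
! Checks used in the thread:
!   show ip nat translations   (entry should reappear after a timeout)
!   clear ip cache             (Carlos's temporary workaround)
```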
This archive was generated by hypermail 2.1.4 : Tue Dec 03 2002 - 07:23:09 GMT-3