RE: ip nat outside---help!!!

From: Daniel Cisco Group Study (danielcgs@imc.net.au)
Date: Sun May 25 2003 - 06:17:56 GMT-3

• Next message: lg01: "Police command confusion"
• Previous message: Ciscolab: "Re: RE: discontinuous OSPF Area"
• Maybe in reply to: Connie Nie: "ip nat outside---help!!!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Connie,

What's happening here is that your echo reply is being routed out onto the Loopback18 interface, and then dropped.

You could fix this by simply adding "ip nat outside" on Loopback18. The echo reply's dest ip address will then be translated as it is routed out onto the Loopback18 interface. Being a "Looped" interface, the packet comes right back into the router, but this time with a dest IP address of 150.50.4.8. The packet is routed again, and this time goes out onto the Serial0 interface.

Daniel

-----Original Message-----
From: Connie Nie [mailto:CNie@EPLUS.com]
Sent: Saturday, 24 May 2003 03:43
To: ccielab@groupstudy.com
Subject: ip nat outside---help!!!

Hi, there. I am stuck on a NAT problem and wonder if someone can shed some
light on it. Here is the scenario:
 
R5(150.50.7.5)------------------(nat inside)R7(nat
outside)----------------R8.(150.50.4.8)
 
If I ping 150.50.7.5 from R8's 150.50.4.8, source address of packets
received on r7's outside interface is being translated into 200.0.0.18 and
echo reply is received from R5, but 200.0.0.18 arrived on the inside
interface is not seen being translated back to 150.50.4.8. Here is the
output of debug ip nat detail and debug ip icmp on R7-----
 
2w2d: NAT*: o: icmp (150.50.4.8, 1295) -> (150.50.7.5, 1295) [941]
2w2d: NAT*: s=150.50.4.8->200.0.0.18, d=150.50.7.5 [941]
2w2d: ICMP: echo reply rcvd, src 150.50.7.5, dst 200.0.0.18
 
Show ip nat translate on r7:
Pro Inside global Inside local Outside local Outside global
--- --- --- 200.0.0.18
150.50.4.8
--- 150.50.7.5 150.50.7.5 200.0.0.18 150.50.4.8
 
NAT Configuration on R7:
 
interface Ethernet0
 ip address 150.50.7.7 255.255.255.128
 ip nat inside
interface Serial0
 ip address 150.50.5.67 255.255.255.224
 ip nat outside
 no fair-queue
interface Loopback18
 ip address 200.0.0.17 255.255.255.252
 ip ospf network point-to-point
 
ip nat outside source static 150.50.4.8 200.0.0.18
 
Thank you for your help.
 
Connie

**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.
www.mimesweeper.com
**********************************************************************

• Next message: lg01: "Police command confusion"
• Previous message: Ciscolab: "Re: RE: discontinuous OSPF Area"
• Maybe in reply to: Connie Nie: "ip nat outside---help!!!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Jun 02 2003 - 15:13:47 GMT-3