RE: NAT Outside & RIP unicast updates

From: jfaure@sztele.com
Date: Fri Oct 08 2004 - 07:49:12 GMT-3


Hi Group:

Firstly, sorry to revive this "older" issue, but until now I have had no time
to test it and I have some doubts. I am wondering how to send only unicast
updates with RIP, NOT USING the NEIGHBOR command, and 2 months ago I saw the
attached mail, which seemed interesting.

I've tried to implement it in a very simple scenario:

R3-2600-- - - - - - - - - - - - - - - --R4-2513
                 s0/0.1 s0.1

My configs:

-R3-2600

interface Serial0/0
 no ip address
 encapsulation frame-relay IETF
 frame-relay lmi-type q933a
!
interface Serial0/0.1 point-to-point
 ip address 212.51.48.86 255.255.255.252
 ip nat outside
 frame-relay interface-dlci 1006

router rip
 version 2
 network 212.51.48.0
 no auto-summary
!
ip nat outside source static udp 212.51.48.85 520 224.0.0.9 520 extendable

-R4-2513

interface Loopback0
 ip address 1.1.1.1 255.255.255.0

interface Serial0
 no ip address
 encapsulation frame-relay IETF
 no fair-queue
 frame-relay lmi-type q933a
!
interface Serial0.1 point-to-point
 ip address 212.51.48.85 255.255.255.252
 ip nat outside
 frame-relay interface-dlci 1006

router rip
 version 2
 network 1.0.0.0
 network 212.51.48.0
 no auto-summary
!
ip nat outside source static udp 212.51.48.86 520 224.0.0.9 520 extendable

With this config, if I do a debug ip packet on router R3, I only see
unicast updates received, but none sent.

R3-2600#sh deb condit

Condition 1: interface Se0/0.1 (1 flags triggered)
        Flags: Se0/0.1

R3-2600#debug ip pack
IP packet debugging is on
R3-2600#
03:22:12: IP: s=212.51.48.85 (Serial0/0.1), d=212.51.48.86, len 52, rcvd 2
03:22:41: IP: s=212.51.48.85 (Serial0/0.1), d=212.51.48.86, len 52, rcvd 2

And at the other end, R4 only displays sent RIP updates, but to the 224.0.0.9
address (none received).

R4-2513#sh deb condit

Condition 1: interface Se0.1 (1 flags triggered)
        Flags: Se0.1

R4-2513#debug ip pack
IP packet debugging is on
R4-2513#
03:25:34: IP: s=212.51.48.85 (local), d=224.0.0.9 (Serial0.1), len 52, sending broad/multicast
03:26:01: IP: s=212.51.48.85 (local), d=224.0.0.9 (Serial0.1), len 52, sending broad/multicast

Curiously, the RIP "adjacency" is working fine; I can see the 1.1.1.1 address
at R3 all the time.

R3-2600#sh ip route rip
     1.0.0.0/24 is subnetted, 1 subnets
R 1.1.1.0 [120/1] via 212.51.48.85, 00:00:13, Serial0/0.1

Please, can anyone say if there is a way to only allow unicast updates
using RIP and NOT USING the NEIGHBOR command? Or maybe I am missing something
important in my configs? I don't understand why R3 doesn't display in the
"debug ip packet" output any packet sent to 224.0.0.9... Can NAT
translate the "self-originated traffic" of a router?

By the way, I am using IOS 12.1.16 because my equipment has no resources to
install 12.2.

Regards

                                                                                                                           
From: "Brian Dennis" <bdennis@internetworkexpert.com>
Sent by: nobody@groupstudy.com
11/08/2004 20:25
Please respond to: "Brian Dennis"
To: <gladston@br.ibm.com>, <ccielab@groupstudy.com>
cc:
Subject: RE: NAT Outside

<Quote>
At first glance I would say that this example would translate the source
address with IP 172.16.0.2 to 224.0.0.9 when the packet goes from
outside to inside; OK, it would really do it if there was a response
to RIP updates, which is not the case.
</Quote>

The source IP address of a packet is never multicast. The translation
is changing the normal RIPv2 destination address of 224.0.0.9 to the
unicast address of 172.16.0.2.

The logic of the command is:
ip nat outside source static <global-ip> <local-ip>

In this case the original destination IP address of 224.0.0.9 (local-ip)
is NAT'ed to 172.16.0.2 (global-ip).

Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
bdennis@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 775-745-6404 (Outside the US and Canada)

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
gladston@br.ibm.com
Sent: Wednesday, August 11, 2004 10:47 AM
To: ccielab@groupstudy.com
Subject: NAT Outside

There is this example in the Cisco Lab Press book:

int fa 0/0
 ip ad 172.16.0.1
 ip nat outside
!
ip nat outside source static udp 172.16.0.2 520 224.0.0.9 520
!
end

The goal is to unicast RIP packets instead of broadcasting them to the
multicast address 224.0.0.9. I implemented it and it works really nicely.
What I would appreciate is any tip about the interpretation of a "nat
outside" statement when reading it.

At first glance I would say that this example would translate the source
address with IP 172.16.0.2 to 224.0.0.9 when the packet goes from
outside to inside; OK, it would really do it if there was a response
to RIP updates, which is not the case.

Is there a logical way to think about it? Or just memorize?


