Re: NAT intermittent throughout

From: ccie@lockdown.nu
Date: Mon May 01 2006 - 16:32:33 ART


If the issue was to do with the order of operation, why would it be an
intermittent problem? Surely it would either work or not.

Some packets get through, others do not. As I said, if the route is to a
destination, then all packets are translated - however if the route is to
an interface, then some get translated, and others do not.

Regards,
Steve.

> I think your issue stems from the order of operation necessary between
> routing and NAT.
>
>
> Translations from inside to outside must route first, then translate to get
> the packet to the right interface. Translations from outside to inside must
> NAT first then route to get to the right interface. Note that if you are
> translating from outside to inside, the add-route option is necessary to put
> a /32 in to correct the routing (or manual insertion of a /32 route).
>
>
>
> Some debugs of ip nat and ip packet should illustrate this.
>
>
>
> Chris
>
>
>
> On 5/1/06, Stephen Vallois-Davies <cisco@lockdown.nu> wrote:
>>
>> Hi All,
>>
>> I was setting up some NAT, and came across an odd intermittent traffic
>> throughput problem.
>>
>> The setup is as follows:
>>
>>
>>
>> PC2 ------------- R5 ------------------ PC1
>>              F0/0    f0/1.999 vlan 999
>>
>> PC2 = 1.10.10.4
>> pc1 = 128.1.5.1
>>
>> With R5 having the following config:
>>
>> interface FastEthernet0/0
>>  ip address 1.10.11.249 255.255.254.0
>>  ip nat inside
>> !
>> interface FastEthernet0/1.999
>>  encapsulation dot1Q 999
>>  ip address 128.1.5.5 255.255.255.0
>>  ip nat outside
>> !
>> ip route 1.10.13.250 255.255.255.255 128.1.5.1
>> ip route 128.1.6.0 255.255.255.0 FastEthernet0/0
>> !
>> ip nat inside source static 1.10.10.4 128.1.6.254
>> ip nat outside source static 128.1.5.1 1.10.13.250
>> !
>>
>> If the route for the outside global addresses is a host
>> route to PC2, then traffic will flow between PC1 and PC2.
>>
>> However, if the route is as follows:
>>
>> ip route 1.10.13.250 255.255.255.255 f0/1.999
>>
>> then the packet throughput is intermittent. With a ping from
>> PC1 to PC2, PC2 will always send the echo request to PC1 as follows:
>>
>> 1.10.10.4 -> 1.10.13.250
>>
>> but then R5 has a problem forwarding/translating the packet.
>>
>> Arp entries, nat entries all look good. Any ideas?
>>
>> For the outside->inside translation I can use a host as destination for
>> route, or interface, and translation is unaffected.
>>
>> It only seems to be a problem for the 'ip nat outside' configurations.
>>
>> Cheers, Steve.
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html



This archive was generated by hypermail 2.1.4 : Thu Jun 01 2006 - 06:33:20 ART