RE: traceroute

From: Antonio Soares (amsoares@netcabo.pt)
Date: Sun Jul 01 2007 - 17:19:44 ART


It works without PBR. See configs, outputs and debugs:

++++++++++++++++++++++++++
R1:
!
interface Ethernet1/0
 ip address 12.12.12.1 255.255.255.0
!
++++++++++++++++++++++++++
R2:
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.0
!
interface Ethernet1/0
 ip address 12.12.12.2 255.255.255.0
 ip nat outside
!
ip nat inside source list 102 interface Loopback0 overload
!
access-list 102 permit icmp any any port-unreachable
access-list 102 permit icmp any any ttl-exceeded
!
++++++++++++++++++++++++++
R1#trace 12.12.12.2

Type escape sequence to abort.
Tracing the route to 12.12.12.2

  1 2.2.2.2 0 msec * 4 msec
R1#
++++++++++++++++++++++++++
R2#deb ip nat
IP NAT debugging is on
R2#clear ip nat translation *
R2#sh ip nat translations

R2#
*Mar 1 02:07:58.033: NAT: s=12.12.12.2->2.2.2.2, d=12.12.12.1 [127]
R2#
*Mar 1 02:08:01.034: NAT: s=12.12.12.2->2.2.2.2, d=12.12.12.1 [128]
R2#
++++++++++++++++++++++++++
R2#sh ip nat trans
Pro  Inside global      Inside local       Outside local      Outside global
icmp 2.2.2.2:33434     12.12.12.2:33434   12.12.12.1:40476   12.12.12.1:40476
icmp 2.2.2.2:33436     12.12.12.2:33436   12.12.12.1:36978   12.12.12.1:36978
R2#
++++++++++++++++++++++++++
R2#sh ip access-lists
Extended IP access list 102
    10 permit icmp any any port-unreachable (2 matches)
    20 permit icmp any any ttl-exceeded
R2#
++++++++++++++++++++++++++
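A constructed Python model of what the configuration above does to R2's replies, added here as an example and not code from the thread or from IOS: an ICMP error the router generates is checked against list 102 and, if permitted, leaves the nat-outside interface sourced from Loopback0, which is why R1's trace shows 2.2.2.2 and why ACE 10 (port-unreachable, the reply a traceroute target itself sends) has the matches rather than ACE 20. The keyword-to-type/code mapping, the probe ports and the way the table columns are filled are assumptions simplified from the `show ip nat translations` output above.

```python
from dataclasses import dataclass

# ICMP type/code pairs behind the IOS keywords used in access-list 102.
ACL_102 = {(3, 3): "port-unreachable", (11, 0): "ttl-exceeded"}


@dataclass(frozen=True)
class Icmp:
    src: str
    dst: str
    type: int
    code: int


class R2:
    """Constructed model of R2: Ethernet1/0 is 'ip nat outside' and the
    'inside source list 102 interface Loopback0 overload' rule rewrites the
    source of router-generated ICMP errors permitted by list 102."""

    def __init__(self, iface_ip="12.12.12.2", loopback_ip="2.2.2.2", nat=True):
        self.iface_ip, self.loopback_ip, self.nat = iface_ip, loopback_ip, nat
        self.translations = []  # rows in the shape of 'show ip nat translations'
        self.acl_matches = {k: 0 for k in ACL_102.values()}

    def receive_probe(self, src, sport, dst, dport, ttl):
        """A traceroute UDP probe arrives on Ethernet1/0. Returns the ICMP
        error R2 sends back (after NAT), or None if the probe is forwarded."""
        if dst in (self.iface_ip, self.loopback_ip):
            err = Icmp(self.iface_ip, src, 3, 3)   # probe reached R2: port unreachable
        elif ttl <= 1:
            err = Icmp(self.iface_ip, src, 11, 0)  # TTL expired while forwarding
        else:
            return None
        return self._nat_outbound(err, sport, dport)

    def _nat_outbound(self, pkt, sport, dport):
        keyword = ACL_102.get((pkt.type, pkt.code))
        if not self.nat or keyword is None:
            return pkt  # not permitted by list 102: leaves with the physical address
        self.acl_matches[keyword] += 1
        # Assumed port columns, following the thread's table: inside side keyed on
        # the probe's destination port, outside side on its source port.
        self.translations.append((f"{self.loopback_ip}:{dport}",
                                  f"{pkt.src}:{dport}", f"{pkt.dst}:{sport}"))
        return Icmp(self.loopback_ip, pkt.dst, pkt.type, pkt.code)


def trace_from_r1(r2, r1_ip="12.12.12.1", target="12.12.12.2", probes=3):
    """R1's 'trace' toward target: UDP probes with TTL 1, ports 33434 upward."""
    hops = []
    for i in range(probes):
        reply = r2.receive_probe(r1_ip, 40476, target, 33434 + i, ttl=1)
        hops.append(reply.src if reply else None)
    return hops
```

With `nat=False` the same trace reports 12.12.12.2, the physical address Mike observed; a probe transiting R2 with TTL 1 is answered with a ttl-exceeded that is likewise rewritten to 2.2.2.2.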

-----Original Message-----
From: Filyurin, Yan [mailto:yan.filyurin@eds.com]
Sent: Sunday, 1 July 2007 20:59
To: Mike Kraus (mikraus); Antonio Soares; Bhaskar Sivanesan; ccie forum
Subject: RE: traceroute

Wouldn't you also need ip local policy routing command, to send locally
originated traffic through Loopback? In fact would we even need NAT at all?
In other words, traffic is originated locally, it gets policy routed to
next-hop of Loopback interface and it would come sourced from that. I am
still not sure about the last part. I will have to lab it up.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Mike
Kraus (mikraus)
Sent: Sunday, July 01, 2007 3:45 PM
To: Antonio Soares; Bhaskar Sivanesan; ccie forum
Subject: RE: traceroute

I just tried this, source is still physical... Tried just doing ip nat
enable (with NVI) to see if router would magically figure it out too, but to
no avail.

Have you gotten this to work?

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Antonio Soares
Sent: Sunday, July 01, 2007 2:30 PM
To: 'Bhaskar Sivanesan'; 'ccie forum'
Subject: RE: traceroute

None since the traffic is sourced from the router itself.


From: Bhaskar Sivanesan [mailto:bas_bharath@yahoo.com]
Sent: Sunday, 1 July 2007 20:25
To: Antonio Soares; ccie forum
Subject: Re: traceroute

Thanks Antonio, which will be the "ip nat inside" interface in this case.
 
cheers

 
----- Original Message ----
From: Antonio Soares <amsoares@netcabo.pt>
To: Bhaskar Sivanesan <bas_bharath@yahoo.com>; ccie forum
<ccielab@groupstudy.com>
Sent: Sunday, July 1, 2007 8:19:13 PM
Subject: RE: traceroute

The answer is NAT:

Example config:

!
access-list 102 permit icmp any any port-unreachable
access-list 102 permit icmp any any ttl-exceeded
!
ip nat inside source list 102 interface Loopback0 overload
!
interface Ethernet1/0
 ip nat outside
!

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Bhaskar Sivanesan
Sent: Sunday, 1 July 2007 19:58
To: ccie forum
Subject: traceroute

Hi group

How do we change the source IP address in the ICMP TTL exceeded reply
messages?

Like, when I am doing a traceroute, I want the reply to be sourced from the
respective router's loopback ip address rather than the interface address?

Is there any way to do it?

thanks

       



This archive was generated by hypermail 2.1.4 : Sat Aug 18 2007 - 08:17:39 ART