From: Ashok CCIE (ashok.ccie@gmail.com)
Date: Thu Jul 12 2007 - 03:18:22 ART
Hi Team,
For the below mentioned topology the IP NAT Reversible is not working for
me: What is the issue?
R0 --- e0/0 ----R1 ----s2/0 ----- R2 -----s3/0 ----R3
R0
~~~
interface Ethernet0/0
 ip address 3.3.3.1 255.255.255.0
 ntp broadcast client
 ntp broadcast key 1
!
router ospf 100
 network 0.0.0.0 255.255.255.255 area 0
!
~~~
R1
~~~
!
interface Ethernet0/0
 ip address 3.3.3.2 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Serial2/0
 ip address 1.1.1.1 255.255.255.0
 ip nat outside
 no fair-queue
!
router ospf 100
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
ip classless
no ip http server
!
ip nat pool POOL 10.10.10.10 10.10.10.20 prefix-length 24
ip nat inside source route-map NAT pool POOL reversible
!
!
ip access-list extended NAT_ACL
 permit ip any any log
 permit icmp any any log
ip access-list extended NO_NAT_ACL
 permit ospf any any log
 permit tcp any any eq bgp log
 permit tcp any eq bgp any log
 permit eigrp any any log
 permit udp any eq rip any eq rip log
route-map AA permit 10
 match ip address 120
!
route-map NAT deny 10
 match ip address NO_NAT_ACL
!
route-map NAT permit 20
 match ip address NAT_ACL
!
~~~
R2
~~~
interface Serial2/0
 ip address 1.1.1.2 255.255.255.0
 ip nat outside
 serial restart-delay 0
 no fair-queue
!
interface Serial3/0
 ip address 2.2.2.1 255.255.255.0
 ip nat inside
 serial restart-delay 0
!
router ospf 100
 log-adjacency-changes
 network 1.1.1.0 0.0.0.255 area 0
 network 2.2.2.0 0.0.0.255 area 0
!
ip classless
ip route 10.10.10.0 255.255.255.0 1.1.1.1
~~~
R3
~~~
interface Serial3/0
 ip address 2.2.2.2 255.255.255.0
 serial restart-delay 0
!
router ospf 100
 log-adjacency-changes
 network 2.2.2.0 0.0.0.255 area 0
!
ip route 10.10.10.0 255.255.255.0 2.2.2.1
~~~
When I try to ping from R0, the source is getting translated. But when I ping
from R3 to address 10.10.10.11, I get packet drops and the debug at R1 is as
follows:
~~~
Jul 12 06:01:52.951: NAT: expiring 10.10.10.10 (1.1.1.1) icmp 783 (783)
Jul 12 06:01:53.359: %SEC-6-IPACCESSLOGDP: list NAT_ACL permitted icmp 3.3.3.1 -> 2.2.2.2 (0/0), 5 packets
Jul 12 06:01:55.039: NAT: expiring 10.10.10.10 (1.1.1.1) icmp 785 (785)
Jul 12 06:02:00.647: NAT: s=1.1.1.1->10.10.10.10, d=2.2.2.2 [907]
Jul 12 06:02:02.719: NAT: s=1.1.1.1->10.10.10.10, d=2.2.2.2 [908]
Jul 12 06:02:04.831: NAT: s=1.1.1.1->10.10.10.10, d=2.2.2.2 [910]
Jul 12 06:02:42.395: IP: s=2.2.2.2 (Serial2/0), d=10.10.10.11, len 100, unroutable
Jul 12 06:02:42.395: IP: tableid=0, s=1.1.1.1 (local), d=2.2.2.2(Serial2/0), routed via RIB
Jul 12 06:02:42.395: IP: s=1.1.1.1 (local), d=2.2.2.2 (Serial2/0), len 56, sending
Jul 12 06:02:42.463: IP: s=2.2.2.2 (Serial2/0), d=10.10.10.11, len 100, unroutable
Jul 12 06:02:44.479: IP: s=2.2.2.2 (Serial2/0), d=10.10.10.11, len 100, unroutable
Jul 12 06:02:44.479: IP: tableid=0, s=1.1.1.1 (local), d=2.2.2.2(Serial2/0), routed via RIB
Jul 12 06:02:44.479: IP: s=1.1.1.1 (local), d=2.2.2.2 (Serial2/0), len 56, sending
Jul 12 06:02:44.531: IP: s=2.2.2.2 (Serial2/0), d=10.10.10.11, len 100, unroutable
Jul 12 06:02:44.771: IP: s=3.3.3.2 (local), d=224.0.0.5 (Ethernet0/0), len 80, sending broad/multicast
Jul 12 06:02:45.119: IP: s=1.1.1.1 (local), d=224.0.0.5 (Serial2/0), len 80, sending broad/multicast
Jul 12 06:02:46.543: IP: s=2.2.2.2 (Serial2/0), d=10.10.10.11, len 100, unroutable
Jul 12 06:02:46.543: IP: tableid=0, s=1.1.1.1 (local), d=2.2.2.2(Serial2/0), routed via RIB
Jul 12 06:02:46.543: IP: s=1.1.1.1 (local), d=2.2.2.2 (Serial2/0), len 56, sending
~~~
Actually, you can see the packet drops here.
Why is that, and what is missing?
Thanks,
Ashok
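An added triage helper, not part of the original post: it parses router debug lines in the format shown above and reports, for each destination dropped as `unroutable`, whether the same capture logged a NAT translation to that address. The sample lines are copied from the post with wrapped lines rejoined; the function names are hypothetical.

```python
import re
from collections import Counter

# Lines copied from the debug output in the post (wrapped lines rejoined).
SAMPLE = """\
Jul 12 06:01:52.951: NAT: expiring 10.10.10.10 (1.1.1.1) icmp 783 (783)
Jul 12 06:02:00.647: NAT: s=1.1.1.1->10.10.10.10, d=2.2.2.2 [907]
Jul 12 06:02:02.719: NAT: s=1.1.1.1->10.10.10.10, d=2.2.2.2 [908]
Jul 12 06:02:42.395: IP: s=2.2.2.2 (Serial2/0), d=10.10.10.11, len 100, unroutable
Jul 12 06:02:42.395: IP: s=1.1.1.1 (local), d=2.2.2.2 (Serial2/0), len 56, sending
Jul 12 06:02:42.463: IP: s=2.2.2.2 (Serial2/0), d=10.10.10.11, len 100, unroutable
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
# "NAT: s=<original>-><translated>, d=<destination>"
NAT_XLATE = re.compile(rf"NAT: s={IP}->{IP}, d={IP}")
# "NAT: expiring <translated> (<original>)"
NAT_EXPIRE = re.compile(rf"NAT: expiring {IP} \({IP}\)")
# "IP: s=<source> (<input interface>), d=<destination>, len N, unroutable"
UNROUTABLE = re.compile(rf"IP: s={IP} \(([^)]+)\), d={IP}, len \d+, unroutable")


def summarize(log_text):
    """Return ({translated address: original address}, Counter of drops)."""
    translated = {}
    drops = Counter()  # keyed by (source, input interface, destination)
    for line in log_text.splitlines():
        if m := NAT_XLATE.search(line):
            translated[m.group(2)] = m.group(1)
        elif m := NAT_EXPIRE.search(line):
            translated.setdefault(m.group(1), m.group(2))
        elif m := UNROUTABLE.search(line):
            drops[(m.group(1), m.group(2), m.group(3))] += 1
    return translated, drops


def report(log_text):
    """One row per dropped flow, flagged if its destination was ever translated."""
    translated, drops = summarize(log_text)
    return [
        {"src": src, "in_if": iface, "dst": dst, "drops": count,
         "translation_logged": dst in translated}
        for (src, iface, dst), count in drops.items()
    ]


if __name__ == "__main__":
    for row in report(SAMPLE):
        print(row)
```
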