RE: Simple Nat question

Hi Tyson,

My aim is to see... If I can see the Nat translation happen in B for icmp
traffic even icmp is blocked in A. ..The config below is correct that you
sent. its similar to like that only..

--- On Wed, 8/12/10, Tyson Scott <tscott_at_ipexpert.com> wrote:

From: Tyson Scott <tscott_at_ipexpert.com>
Subject: RE: Simple Nat question
To: "'Naufal Jamal'" <naufalccie_at_yahoo.in>, ccielab_at_groupstudy.com
Date: Wednesday, 8 December, 2010, 1:55 PM

What's up with so many messages being marked as spam recently on here?

If you are blocking the ICMP on A from the NAT why are you trying to test
the ping? Are you wanting to get this to work? If so please give more
information

On B I am presuming you have something similar to the following.

C Local IP 10.10.10.10
NAT'ed 3.3.3.3

B Configuration
int f0/0 (towards C)
 ip nat inside
int f0/1 (towards A)
 ip nat outside

ip nat inside source static 10.10.10.10 3.3.3.3

Providing configurations will greatly reduce the back and forth on here.

Regards,
 
Tyson Scott - CCIE #13513 R&S, Security, and SP
Managing Partner / Sr. Instructor - IPexpert, Inc.
Mailto: tscott_at_ipexpert.com

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
Naufal Jamal
Sent: Wednesday, December 08, 2010 2:14 AM
To: ccielab_at_groupstudy.com
Subject: Simple Nat question

Spam detection software, running on the system "groupstudy.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
admin_at_groupstudy.com for details.

Content preview: Hi All, I have 3 router connected like A->B->C. One of the
   interfaces of C is trying to ping a server connected to A. I am doing a
Nat
   in B which translate the source ip of C into a nat subnet which is routed
   between A and B. [...]

Content analysis details: (5.3 points, 5.0 required)

 pts rule name description
---- ----------------------
--------------------------------------------------
 5.4 BAYES_99 BODY: Bayes spam probability is 99 to 100%
                            [score: 1.0000]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, low
                            trust
                            [121.101.151.239 listed in list.dnswl.org]
 0.0 FREEMAIL_FROM Sender email is freemail
(naufalccie[at]yahoo.in)
 0.0 HTML_MESSAGE BODY: HTML included in message
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's
                            domain
 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not
necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK
signature

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
Received: from nm1.bullet.mail.in.yahoo.com
  (nm1.bullet.mail.in.yahoo.com [121.101.151.239]) by groupstudy.com
  (8.12.11.20060308/8.12.11) with SMTP id oB87DntD018113 GroupStudy
  Mailer; Wed, 8 Dec 2010 02:13:50 -0500
Received: from [121.101.151.236] by nm1.bullet.mail.in.yahoo.com with
  NNFMP; 08 Dec 2010 07:13:44 -0000
Received: from [121.101.151.234] by tm1.bullet.mail.in.yahoo.com with
  NNFMP; 08 Dec 2010 07:13:48 -0000
Received: from [127.0.0.1] by omp1003.mail.in.yahoo.com with NNFMP; 08
  Dec 2010 07:13:43 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 69240.89332.bm_at_omp1003.mail.in.yahoo.com
Received: (qmail 67311 invoked by uid 60001); 8 Dec 2010 07:13:44 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com;
  s=s1024; t=1291792424;
  bh=RjZxTs7Vsb9w7eZBdQvJMfN/g7czMmh07yuAovM5hvE=;

h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version
:Content-Type;

b=WoW8Xt0V4sK2O4IJLD5jRenc/DWTv4toDyF/mf/dEIylNdIPI7oDcmwyCVa+pQfKR3XtIdchjv
gF40Ofw31CRzsxWl5KHwRQopO4p/q3ckvGUjP38JvP72lne4T3B95Oq9oAbldyVc6hz70XheFKnY
IUwQn/S2nhGA+1gzZedAo=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.in;

h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version
:Content-Type;

b=pKr6FETk2LkH8P3yDGLV16A8O7pSDfbEXGg5I6lquThH3TGeu5AaCkGA8Wdfcll8HGRVynHNFw
iZDVbTa7WzUhqU9MajW/gw9p+nNAWXXMYHk5eKwxAlmWsNCaALbq1gORFKUyQr3qiiXl+OsRcpfE
zXHHumK8syred1Dfo2et0=
   ;
Message-ID: <933625.67141.qm_at_web95003.mail.in2.yahoo.com>
X-YMail-OSG: jEMFoh0VM1lNMXJSoQ.RC5NBDv0w590Tu4Z5an3j_81NMed
  chaP7ivNHwEgqcedEH7H.JFAqQX5dSLxKqUVrWxY6aMg8eJeXP9IlYOimF0f
  lpH3XysAgDcVBGNMDv_hh.eKhlYV4tAyJtaUu9h_LQ7bhApQG0KjYynXFcyC
  gLnz6HdtRlNQxIsd0yJ.NHMLRm7O5v7ny7Ulh
Received: from [71.40.73.62] by web95003.mail.in2.yahoo.com via HTTP;
  Wed, 08 Dec 2010 12:43:43 IST
X-Mailer: YahooMailClassic/11.4.20 YahooMailWebService/0.8.107.285259
Date: Wed, 8 Dec 2010 12:43:43 +0530 (IST)
From: Naufal Jamal <naufalccie_at_yahoo.in>
Subject: Simple Nat question
To: ccielab_at_groupstudy.com
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Converted-To-Plain-Text: from multipart/alternative by GroupStudy
X-Converted-To-Plain-Text: Alternative section used was text/plain

Hi All,

I have 3 router connected like A->B->C. One of the interfaces of C is trying
to ping a server connected to A. I am doing a Nat in B which translate the
source ip of C into a nat subnet which is routed between A and B.

Now C is doing a continuous ping to the server at A. But the icmp is blocked
in A from C.

In such a case should i be seeing any translations in B. Since I am not
getting any icmp reply on C?

Please clarify

Blogs and organic groups at http://www.ccie.net
Received on Wed Dec 08 2010 - 20:40:03 ART