Re: Simple Nat question

Or:

debug ip icmp
debug ip nat

That should show you something...

On Wed, Dec 8, 2010 at 3:12 PM, Tyson Scott <tscott_at_ipexpert.com> wrote:

> While you are sending the traffic simply do "show ip nat translations" on
> B.
> If your configuration is correct then you will see the NAT translation
> entries.
>
>
>
> Regards,
>
>
>
> Tyson Scott - CCIE #13513 R&S, Security, and SP
>
> Managing Partner / Sr. Instructor - IPexpert, Inc.
>
> Mailto: <mailto:tscott_at_ipexpert.com> tscott_at_ipexpert.com
>
>
>
>
>
> From: Naufal Jamal [mailto:naufalccie_at_yahoo.in]
> Sent: Wednesday, December 08, 2010 10:10 AM
> To: Tyson Scott
> Cc: ccielab_at_groupstudy.com
> Subject: RE: Simple Nat question
>
>
>
>
> Hi Tyson,
>
> My aim is to see... If I can see the Nat translation happen in B for icmp
> traffic even icmp is blocked in A. ..The config below is correct that you
> sent. its similar to like that only..
>
> --- On Wed, 8/12/10, Tyson Scott <tscott_at_ipexpert.com> wrote:
>
>
> From: Tyson Scott <tscott_at_ipexpert.com>
> Subject: RE: Simple Nat question
> To: "'Naufal Jamal'" <naufalccie_at_yahoo.in>, ccielab_at_groupstudy.com
> Date: Wednesday, 8 December, 2010, 1:55 PM
>
> What's up with so many messages being marked as spam recently on here?
>
> If you are blocking the ICMP on A from the NAT why are you trying to test
> the ping? Are you wanting to get this to work? If so please give more
> information
>
> On B I am presuming you have something similar to the following.
>
> C Local IP 10.10.10.10
> NAT'ed 3.3.3.3
>
> B Configuration
> int f0/0 (towards C)
> ip nat inside
> int f0/1 (towards A)
> ip nat outside
>
> ip nat inside source static 10.10.10.10 3.3.3.3
>
> Providing configurations will greatly reduce the back and forth on here.
>
> Regards,
>
> Tyson Scott - CCIE #13513 R&S, Security, and SP
> Managing Partner / Sr. Instructor - IPexpert, Inc.
> Mailto: tscott_at_ipexpert.com
>
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> Naufal Jamal
> Sent: Wednesday, December 08, 2010 2:14 AM
> To: ccielab_at_groupstudy.com
> Subject: Simple Nat question
>
> Spam detection software, running on the system "groupstudy.com", has
> identified this incoming email as possible spam. The original message
> has been attached to this so you can view it (if it isn't spam) or label
> similar future email. If you have any questions, see
> admin_at_groupstudy.com for details.
>
> Content preview: Hi All, I have 3 router connected like A->B->C. One of
> the
> interfaces of C is trying to ping a server connected to A. I am doing a
> Nat
> in B which translate the source ip of C into a nat subnet which is routed
> between A and B. [...]
>
> Content analysis details: (5.3 points, 5.0 required)
>
> pts rule name description
> ---- ----------------------
> --------------------------------------------------
> 5.4 BAYES_99 BODY: Bayes spam probability is 99 to 100%
> [score: 1.0000]
> -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/,
> low
> trust
> [121.101.151.239 listed in list.dnswl.org]
> 0.0 FREEMAIL_FROM Sender email is freemail
> (naufalccie[at]yahoo.in)
> 0.0 HTML_MESSAGE BODY: HTML included in message
> -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
> author's
> domain
> 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not
> necessarily valid
> -0.1 DKIM_VALID Message has at least one valid DKIM or DK
> signature
>
> The original message was not completely plain text, and may be unsafe to
> open with some email clients; in particular, it may contain a virus,
> or confirm that your address can receive spam. If you wish to view
> it, it may be safer to save it to a file and open it with an editor.
> Received: from nm1.bullet.mail.in.yahoo.com
> (nm1.bullet.mail.in.yahoo.com [121.101.151.239]) by groupstudy.com
> (8.12.11.20060308/8.12.11) with SMTP id oB87DntD018113 GroupStudy
> Mailer; Wed, 8 Dec 2010 02:13:50 -0500
> Received: from [121.101.151.236] by nm1.bullet.mail.in.yahoo.com with
> NNFMP; 08 Dec 2010 07:13:44 -0000
> Received: from [121.101.151.234] by tm1.bullet.mail.in.yahoo.com with
> NNFMP; 08 Dec 2010 07:13:48 -0000
> Received: from [127.0.0.1] by omp1003.mail.in.yahoo.com with NNFMP; 08
> Dec 2010 07:13:43 -0000
> X-Yahoo-Newman-Property: ymail-3
> X-Yahoo-Newman-Id: 69240.89332.bm_at_omp1003.mail.in.yahoo.com
> Received: (qmail 67311 invoked by uid 60001); 8 Dec 2010 07:13:44 -0000
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com;
> s=s1024; t=1291792424;
> bh=RjZxTs7Vsb9w7eZBdQvJMfN/g7czMmh07yuAovM5hvE=;
>
>
> h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version
> :Content-Type;
>
>
> b=WoW8Xt0V4sK2O4IJLD5jRenc/DWTv4toDyF/mf/dEIylNdIPI7oDcmwyCVa+pQfKR3XtIdchjv
>
> gF40Ofw31CRzsxWl5KHwRQopO4p/q3ckvGUjP38JvP72lne4T3B95Oq9oAbldyVc6hz70XheFKnY
> IUwQn/S2nhGA+1gzZedAo=
> DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.in;
>
>
> h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version
> :Content-Type;
>
>
> b=pKr6FETk2LkH8P3yDGLV16A8O7pSDfbEXGg5I6lquThH3TGeu5AaCkGA8Wdfcll8HGRVynHNFw
>
> iZDVbTa7WzUhqU9MajW/gw9p+nNAWXXMYHk5eKwxAlmWsNCaALbq1gORFKUyQr3qiiXl+OsRcpfE
> zXHHumK8syred1Dfo2et0=
> ;
> Message-ID: <933625.67141.qm_at_web95003.mail.in2.yahoo.com>
> X-YMail-OSG: jEMFoh0VM1lNMXJSoQ.RC5NBDv0w590Tu4Z5an3j_81NMed
> chaP7ivNHwEgqcedEH7H.JFAqQX5dSLxKqUVrWxY6aMg8eJeXP9IlYOimF0f
> lpH3XysAgDcVBGNMDv_hh.eKhlYV4tAyJtaUu9h_LQ7bhApQG0KjYynXFcyC
> gLnz6HdtRlNQxIsd0yJ.NHMLRm7O5v7ny7Ulh
> Received: from [71.40.73.62] by web95003.mail.in2.yahoo.com via HTTP;
> Wed, 08 Dec 2010 12:43:43 IST
> X-Mailer: YahooMailClassic/11.4.20 YahooMailWebService/0.8.107.285259
> Date: Wed, 8 Dec 2010 12:43:43 +0530 (IST)
> From: Naufal Jamal <naufalccie_at_yahoo.in>
> Subject: Simple Nat question
> To: ccielab_at_groupstudy.com
> MIME-Version: 1.0
> Content-Type: text/plain; charset="us-ascii"
> X-Converted-To-Plain-Text: from multipart/alternative by GroupStudy
> X-Converted-To-Plain-Text: Alternative section used was text/plain
>
> Hi All,
>
> I have 3 router connected like A->B->C. One of the interfaces of C is
> trying
> to ping a server connected to A. I am doing a Nat in B which translate the
> source ip of C into a nat subnet which is routed between A and B.
>
> Now C is doing a continuous ping to the server at A. But the icmp is
> blocked
> in A from C.
>
> In such a case should i be seeing any translations in B. Since I am not
> getting any icmp reply on C?
>
> Please clarify
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>

-- 
CCIEx2 (R&S|Sec) #19963
Blogs and organic groups at http://www.ccie.net