Re: NAT Rotary from Radioactive Frog on 2011-01-20 (Ccielab archives 01/2011)

From: Radioactive Frog <pbhatkoti_at_gmail.com>
Date: Thu, 20 Jan 2011 15:42:49 +1100

Not sure but have you tried something similar like this:?

ip nat inside source static udp 10.10.10.111 69 int s0 69

On Thu, Jan 20, 2011 at 7:57 AM, Sadiq Yakasai <sadiqtanko_at_gmail.com> wrote:

> Hi Marcin,
>
> I have 2 issues I would like to point out as possible culprits here:
>
> 1. My understanding is that this NAT feature is actually designed to work
> for TCP traffic only. The documentation below [1] also says that. Although
> I
> must say, I have seen a blog on which a dude states hes tried it out on UDP
> and found it to be working just fine!
>
> 2. TFTP traffic: As you know, TFTP signals on UDP:69 and then switches over
> to these high numbered UDP port numbers, which are somewhat random in
> nature. Now, I am not sure all the subsequent UDP traffic for the actually
> file data transfer will be hitting your NAT policy there! Try modifying the
> access list to match on the range of UDP port numbers that TFTP uses.
>
> [1]
>
> http://www.cisco.com/en/US/docs/ios/ipaddr/configuration/guide/iadnat_addr_consv_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1048769
>
> On Wed, Jan 19, 2011 at 7:06 PM, Marcin Zgola <MZgola_at_netrixllc.com>
> wrote:
>
> > Problem Here is my setup
> >
> > ip nat pool PDSN 192.168.1.10 192.168.1.11 prefix-length 24 type rotary
> > ip nat inside destination list TELNET pool PDSN
> > !
> > ip access-list extended TELNET
> > permit tcp any host 10.16.100.1 eq 23
> > permit udp any host 10.16.100.1 eq tftp
> >
> >
> >
> > This works great for telnet session, but it does now work for UDP.
> >
> > Here is my setup
> >
> > R1---R2---R3 (192.168.1.10)
> > ---R4 (192.168.1.11)
> >
> > I need R1 to initiate a session to 10.16.100.1 and R2 to nat this session
> > to either 192.168.1.10 or 192.168.1.11. it works great for TCP but not
> for
> > UDP.
> >
> >
> >
> > Marcin Zgola
> > Internetwork Lead
> > CCIE #18676
> > Netrix, LLC
> > http://www.netrixllc.com
> > Ph. 847.283.7400
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> >
> >
> >
> >
> >
>
>
> --
> CCIEx2 (R&S|Sec) #19963
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Thu Jan 20 2011 - 15:42:49 ART

This archive was generated by hypermail 2.2.0 : Tue Feb 01 2011 - 07:39:17 ART