Re: NAT Rotary

From: Dave Serra <maybeedave_at_yahoo.com>
Date: Mon, 24 Jan 2011 19:08:33 -0800 (PST)

Tyson,

Is it that NAT does not work with UDP or that NAT was not designed to work with
UDP? I ask for clarification because I have seen docs that state it does work
with UDP. So I interpret what you say as it is simply busted in the IOS. Did I
get that right?
http://www.cisco.com/en/US/technologies/tk648/tk361/tk438/technologies_white_paper09186a00801af2b9.html


________________________________
From: Tyson Scott <tscott_at_ipexpert.com>
To: Sadiq Yakasai <sadiqtanko_at_gmail.com>; Marcin Zgola <MZgola_at_netrixllc.com>
Cc: ccielab_at_groupstudy.com
Sent: Thu, January 20, 2011 2:37:09 AM
Subject: RE: NAT Rotary

It is designed to only work for TCP. If someone has gotten it to work
otherwise I would love to see it but I was never able to get it to work for
anything other than TCP.

Regards,

Tyson Scott - CCIE #13513 R&S, Security, and SP
Managing Partner / Sr. Instructor - IPexpert, Inc.
Mailto: tscott_at_ipexpert.com

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Sadiq Yakasai
Sent: Wednesday, January 19, 2011 12:58 PM
To: Marcin Zgola
Cc: ccielab_at_groupstudy.com
Subject: Re: NAT Rotary

Hi Marcin,

I have 2 issues I would like to point out as possible culprits here:

1. My understanding is that this NAT feature is actually designed to work
for TCP traffic only. The documentation below [1] also says that. Although I
must say, I have seen a blog on which a dude states he's tried it out on UDP
and found it to be working just fine!

2. TFTP traffic: As you know, TFTP signals on UDP:69 and then switches over
to these high numbered UDP port numbers, which are somewhat random in
nature. Now, I am not sure all the subsequent UDP traffic for the actual
file data transfer will be hitting your NAT policy there! Try modifying the
access list to match on the range of UDP port numbers that TFTP uses.

[1] http://www.cisco.com/en/US/docs/ios/ipaddr/configuration/guide/iadnat_addr_consv_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1048769

On Wed, Jan 19, 2011 at 7:06 PM, Marcin Zgola <MZgola_at_netrixllc.com> wrote:

> Problem Here is my setup
>
> ip nat pool PDSN 192.168.1.10 192.168.1.11 prefix-length 24 type rotary
> ip nat inside destination list TELNET pool PDSN
> !
> ip access-list extended TELNET
> permit tcp any host 10.16.100.1 eq 23
> permit udp any host 10.16.100.1 eq tftp
>
>
>
> This works great for telnet session, but it does not work for UDP.
>
> Here is my setup
>
> R1---R2---R3 (192.168.1.10)
> ---R4 (192.168.1.11)
>
> I need R1 to initiate a session to 10.16.100.1 and R2 to nat this session
> to either 192.168.1.10 or 192.168.1.11. It works great for TCP but not for
> UDP.
>
>
>
> Marcin Zgola
> Internetwork Lead
> CCIE #18676
> Netrix, LLC
> http://www.netrixllc.com
> Ph. 847.283.7400
>
>
Received on Mon Jan 24 2011 - 19:08:33 ART
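
Added example, not part of the thread and not IOS code: a simplified matcher for the two entries of the TELNET access list quoted above, run over a constructed RFC 1350 TFTP read transfer, to show which client-to-server packets those entries match (the TFTP point raised in item 2). The client address, client port and server transfer ID are constructed values, the server is modelled as the client sees it at 10.16.100.1, and the sketch covers access-list matching only, not NAT translation.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "proto src sport dst dport note")

# Simplified form of "ip access-list extended TELNET" from the thread:
# (protocol, destination host, destination port); the source is "any".
ACL_TELNET = [
    ("tcp", "10.16.100.1", 23),  # permit tcp any host 10.16.100.1 eq 23
    ("udp", "10.16.100.1", 69),  # permit udp any host 10.16.100.1 eq tftp
]

def acl_permits(pkt, acl=ACL_TELNET):
    """True if an entry matches protocol, destination host and destination port."""
    return any((pkt.proto, pkt.dst, pkt.dport) == entry for entry in acl)

def tftp_read(client, cport, server, server_tid, blocks):
    """Packets of an RFC 1350 read transfer, in order.

    Only the request goes to port 69. The server answers from its own
    transfer ID (a port it picks), and every later client packet is
    addressed to that port instead of 69.
    """
    pkts = [Packet("udp", client, cport, server, 69, "RRQ")]
    for n in range(1, blocks + 1):
        pkts.append(Packet("udp", server, server_tid, client, cport, f"DATA {n}"))
        pkts.append(Packet("udp", client, cport, server, server_tid, f"ACK {n}"))
    return pkts

def client_to_server_matches(pkts, server):
    """(note, destination port, permitted) for each packet sent to the server."""
    return [(p.note, p.dport, acl_permits(p)) for p in pkts if p.dst == server]

if __name__ == "__main__":
    # Constructed sample flow: addresses other than 10.16.100.1 and both
    # port numbers are assumptions made for this example.
    flow = tftp_read("10.1.1.1", 50000, "10.16.100.1", 51234, blocks=2)
    for note, dport, ok in client_to_server_matches(flow, "10.16.100.1"):
        print(f"{note:7} dport={dport:<6} {'permit' if ok else 'no match'}")
    telnet = Packet("tcp", "10.1.1.1", 40000, "10.16.100.1", 23, "telnet SYN")
    print("telnet SYN", "permit" if acl_permits(telnet) else "no match")
```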

This archive was generated by hypermail 2.2.0 : Tue Feb 01 2011 - 07:39:17 ART