Re: NAT Rotary

From: Dave Serra <maybeedave_at_yahoo.com>
Date: Tue, 25 Jan 2011 06:12:42 -0800 (PST)

Ah....my bad.

Thanks for the clarification.

Dave


________________________________
From: Sadiq Yakasai <sadiqtanko_at_gmail.com>
To: Dave Serra <maybeedave_at_yahoo.com>
Cc: Tyson Scott <tscott_at_ipexpert.com>; Marcin Zgola <MZgola_at_netrixllc.com>; ccielab_at_groupstudy.com
Sent: Tue, January 25, 2011 5:20:10 AM
Subject: Re: NAT Rotary

Dave,

It's not that NAT is not designed to work with UDP. Most NAT features do work
perfectly fine for UDP traffic.

There is a NAT feature for translating destination port numbers (inside
destination) with ROTARY type of NAT pool. This is the particular feature
that we are referring to. This is the same feature that Tyson made a
reference to as well.

Read this link below please:
http://www.cisco.com/en/US/docs/ios/ipaddr/configuration/guide/iadnat_addr_consv_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1048769

Sadiq
On Tue, Jan 25, 2011 at 3:08 AM, Dave Serra <maybeedave_at_yahoo.com> wrote:

> Tyson,
>
> Is it that NAT does not work with UDP or that NAT was not designed to work
> with UDP? I ask for clarification because I have seen docs that state it
> does work with UDP. So I interpret what you say as it is simply busted in
> the IOS. Did I get that right?
>
>
> http://www.cisco.com/en/US/technologies/tk648/tk361/tk438/technologies_white_paper09186a00801af2b9.html
>
>
>
>
>
> ------------------------------
> *From:* Tyson Scott <tscott_at_ipexpert.com>
> *To:* Sadiq Yakasai <sadiqtanko_at_gmail.com>; Marcin Zgola <MZgola_at_netrixllc.com>
> *Cc:* ccielab_at_groupstudy.com
> *Sent:* Thu, January 20, 2011 2:37:09 AM
> *Subject:* RE: NAT Rotary
>
> It is designed to only work for TCP. If someone has gotten it to work
> otherwise I would love to see it but I was never able to get it to work for
> anything other than TCP.
>
> Regards,
>
> Tyson Scott - CCIE #13513 R&S, Security, and SP
> Managing Partner / Sr. Instructor - IPexpert, Inc.
> Mailto: tscott_at_ipexpert.com
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Sadiq Yakasai
> Sent: Wednesday, January 19, 2011 12:58 PM
> To: Marcin Zgola
> Cc: ccielab_at_groupstudy.com
> Subject: Re: NAT Rotary
>
> Hi Marcin,
>
> I have 2 issues I would like to point out as possible culprits here:
>
> 1. My understanding is that this NAT feature is actually designed to work
> for TCP traffic only. The documentation below [1] also says that. Although
> I must say, I have seen a blog on which a dude states he's tried it out on UDP
> and found it to be working just fine!
>
> 2. TFTP traffic: As you know, TFTP signals on UDP:69 and then switches over
> to these high numbered UDP port numbers, which are somewhat random in
> nature. Now, I am not sure all the subsequent UDP traffic for the actual
> file data transfer will be hitting your NAT policy there! Try modifying the
> access list to match on the range of UDP port numbers that TFTP uses.
>
> [1]
> http://www.cisco.com/en/US/docs/ios/ipaddr/configuration/guide/iadnat_addr_consv_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1048769
>
> On Wed, Jan 19, 2011 at 7:06 PM, Marcin Zgola <MZgola_at_netrixllc.com> wrote:
>
>
> > Problem Here is my setup
> >
> > ip nat pool PDSN 192.168.1.10 192.168.1.11 prefix-length 24 type rotary
> > ip nat inside destination list TELNET pool PDSN
> > !
> > ip access-list extended TELNET
> >  permit tcp any host 10.16.100.1 eq 23
> >  permit udp any host 10.16.100.1 eq tftp
> >
> > This works great for telnet session, but it does not work for UDP.
> >
> > Here is my setup
> >
> > R1---R2---R3 (192.168.1.10)
> >        ---R4 (192.168.1.11)
> >
> > I need R1 to initiate a session to 10.16.100.1 and R2 to nat this session
> > to either 192.168.1.10 or 192.168.1.11. It works great for TCP but not for
> > UDP.
> >
> >
> >
> > Marcin Zgola
> > Internetwork Lead
> > CCIE #18676
> > Netrix, LLC
> > http://www.netrixllc.com
> > Ph. 847.283.7400
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> --
> CCIEx2 (R&S|Sec) #19963
>
>
Received on Tue Jan 25 2011 - 06:12:42 ART
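
Added example, not part of the original thread or any poster's code: a small model of the access-list point raised in the oldest quoted reply, checking which client-to-server packets of a TFTP read would be selected by the posted list TELNET and by a widened version. The names ACL_POSTED, ACL_WIDENED and the helper functions are hypothetical, the transfer ID is a constructed sample value, and 1024-65535 is an assumed stand-in for the port range the thread leaves unspecified.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "proto dst dport note")
VIP = "10.16.100.1"  # address matched by the thread's ACL

# Entries are (proto, dst host, low port, high port); tftp = UDP 69.
ACL_POSTED = [("tcp", VIP, 23, 23), ("udp", VIP, 69, 69)]
# Assumption: 1024-65535 stands in for "the range of UDP port numbers that
# TFTP uses"; the thread does not give a range.
ACL_WIDENED = ACL_POSTED + [("udp", VIP, 1024, 65535)]


def acl_permits(acl, pkt):
    """Permit-only list: any matching entry permits, otherwise implicit deny."""
    return any(pkt.proto == proto and pkt.dst == host and lo <= pkt.dport <= hi
               for proto, host, lo, hi in acl)


def tftp_read_client_packets(server_tid, blocks=2):
    """Client-to-server packets of a TFTP read (RFC 1350): the RRQ goes to
    port 69, every ACK goes to the server's transfer ID, i.e. the ephemeral
    port the server answered from. Assumes the client keeps addressing VIP."""
    pkts = [Packet("udp", VIP, 69, "RRQ")]
    pkts += [Packet("udp", VIP, server_tid, f"ACK {n}")
             for n in range(1, blocks + 1)]
    return pkts


def unmatched(acl, pkts):
    """Notes of the packets the ACL does not select for translation."""
    return [p.note for p in pkts if not acl_permits(acl, p)]


SAMPLE = tftp_read_client_packets(server_tid=51234)  # constructed transfer ID

if __name__ == "__main__":
    print("posted ACL misses: ", unmatched(ACL_POSTED, SAMPLE))
    print("widened ACL misses:", unmatched(ACL_WIDENED, SAMPLE))
```

Matching the list is only the selection step; it does not show that the rotary pool translates UDP, which is the point disputed in the replies above.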

This archive was generated by hypermail 2.2.0 : Tue Feb 01 2011 - 07:39:17 ART