Hi,
I have an ongoing problem with trying to translate the source and
destination address of packets on a 3620.
I have done a lot of debugging to try and resolve this, the output is below.
From what I can see the packets are being translated as they enter the
network but the replies back out are not being "reverse translated"
If any one can provide any suggestions I would appreciate it.
Here is the config I'm using:
interface FastEthernet0/0
ip address 42.20.0.3 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 213.146.131.6 255.255.255.224
ip nat outside
duplex auto
speed auto
!
ip nat inside source static 42.20.0.8 213.146.131.7
ip nat outside source static 213.146.130.30 42.20.0.7
ip classless
ip route 0.0.0.0 0.0.0.0 213.146.131.1
To enable me to do extra debugging the address translation now points to
another Cisco router.
This is the debugging I have been doing:
debug ip packet detail
From the router doing the NAT
#debug ip packet det
IP packet debugging is on (detailed)
1d05h: IP: s=42.20.0.8 (FastEthernet0/0), d=42.20.0.7 (FastEthernet0/0), len
60, rcvd 3
1d05h: ICMP type=0, code=0
1d05h: IP: s=42.20.0.8 (FastEthernet0/0), d=42.20.0.7 (FastEthernet0/0), len
60, rcvd 3
1d05h: ICMP type=0, code=0
1d05h: IP: s=42.20.0.8 (FastEthernet0/0), d=42.20.0.7 (FastEthernet0/0), len
60, rcvd 3
1d05h: ICMP type=0, code=0
1d05h: IP: s=42.20.0.8 (FastEthernet0/0), d=42.20.0.7 (FastEthernet0/0), len
60, rcvd 3
1d05h: ICMP type=0, code=0
1d05h: IP: s=42.20.0.8 (FastEthernet0/0), d=42.20.0.7 (FastEthernet0/0), len
60, rcvd 3
From the router receiving the NAT:
#debug ip packet det
IP packet debugging is on (detailed)
IP: s=42.20.0.7 (Ethernet0), d=42.20.0.8, len 74, rcvd 1
ICMP type=8, code=0
IP: s=42.20.0.8 (local), d=42.20.0.7 (Ethernet0), len 74, sending
ICMP type=0, code=0
IP: s=42.20.0.7 (Ethernet0), d=42.20.0.8, len 74, rcvd 1
ICMP type=8, code=0
IP: s=42.20.0.8 (local), d=42.20.0.7 (Ethernet0), len 74, sending
ICMP type=0, code=0
IP: s=42.20.0.7 (Ethernet0), d=42.20.0.8, len 74, rcvd 1
ICMP type=8, code=0
IP: s=42.20.0.8 (local), d=42.20.0.7 (Ethernet0), len 74, sending
ICMP type=0, code=0
IP: s=42.20.0.7 (Ethernet0), d=42.20.0.8, len 74, rcvd 1
I can see the packets 42.20.0.8 replying to and from 42.20.0.7, the
translation appears to be working ok?
debug ip nat
IP NAT debugging is on
#
1d05h: NAT: o: icmp (213.146.130.30, 48469) -> (213.146.131.7, 48469) [6482]
1d05h: NAT: s=213.146.130.30->42.20.0.7, d=213.146.131.7 [6482]
1d05h: NAT: s=42.20.0.7, d=213.146.131.7->42.20.0.8 [6482]
1d05h: NAT*: o: icmp (213.146.130.30, 48474) -> (213.146.131.7, 48474)
[6488]
1d05h: NAT*: s=213.146.130.30->42.20.0.7, d=213.146.131.7 [6488]
1d05h: NAT*: s=42.20.0.7, d=213.146.131.7->42.20.0.8 [6488]
1d05h: NAT*: o: icmp (213.146.130.30, 48479) -> (213.146.131.7, 48479)
[6497]
1d05h: NAT*: s=213.146.130.30->42.20.0.7, d=213.146.131.7 [6497]
1d05h: NAT*: s=42.20.0.7, d=213.146.131.7->42.20.0.8 [6497]
1d05h: NAT*: o: icmp (213.146.130.30, 48484) -> (213.146.131.7, 48484)
[6506]
1d05h: NAT*: s=213.146.130.30->42.20.0.7, d=213.146.131.7 [6506]
1d05h: NAT*: s=42.20.0.7, d=213.146.131.7->42.20.0.8 [6506]
> - debug ip nat detail
#debug ip nat det
IP NAT detailed debugging is on
#
1d05h: NAT: o: icmp (213.146.130.30, 48959) -> (213.146.131.7, 48959) [7105]
1d05h: NAT: s=213.146.130.30->42.20.0.7, d=213.146.131.7 [7105]
1d05h: NAT: s=42.20.0.7, d=213.146.131.7->42.20.0.8 [7105]
1d05h: NAT*: o: icmp (213.146.130.30, 48985) -> (213.146.131.7, 48985)
[7117]
1d05h: NAT*: s=213.146.130.30->42.20.0.7, d=213.146.131.7 [7117]
1d05h: NAT*: s=42.20.0.7, d=213.146.131.7->42.20.0.8 [7117]
1d05h: NAT*: o: icmp (213.146.130.30, 48990) -> (213.146.131.7, 48990)
[7122]
1d05h: NAT*: s=213.146.130.30->42.20.0.7, d=213.146.131.7 [7122]
1d05h: NAT*: s=42.20.0.7, d=213.146.131.7->42.20.0.8 [7122]
> - show ip alias
#sh ip aliases
Address Type IP Address Port
Dyn. Alias 42.20.0.7
Interface 42.20.0.3
Interface 213.146.131.6
Dyn. Alias 213.146.131.7
> - show arp
#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 42.20.0.19 1 0002.a508.e29b ARPA FastEthernet0/0
Internet 42.20.0.8 17 0050.5498.be84 ARPA FastEthernet0/0
Internet 42.20.0.6 0 00b0.64fb.4512 ARPA FastEthernet0/0
Internet 42.20.0.7 - 00d0.588c.57c0 ARPA FastEthernet0/0
Internet 42.20.0.5 101 0003.e389.96c2 ARPA FastEthernet0/0
Internet 42.20.0.3 - 00d0.588c.57c0 ARPA FastEthernet0/0
Internet 42.20.0.1 102 0000.0c07.ac66 ARPA FastEthernet0/0
Internet 213.146.131.6 - 00d0.588c.57d0 ARPA FastEthernet1/0
Internet 213.146.131.7 - 00d0.588c.57d0 ARPA FastEthernet1/0
Internet 213.146.131.1 53 0000.0c07.ac09 ARPA FastEthernet1/0
Internet 213.146.131.3 53 00d0.ba0d.de72 ARPA FastEthernet1/0
> - sh ip nat trans
#sh ip nat translations
Pro Inside global Inside local Outside local
Outside global
--- 213.146.131.7 42.20.0.8 42.20.0.7
213.146.130.30
--- 213.146.131.7 42.20.0.8 --- ---
--- --- --- 42.20.0.7
213.146.130.30
Here is the arp table from the router I'm using for the extra debugging:
#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 42.0.6.10 35 0000.0c07.ac66 ARPA Ethernet0
Internet 42.20.0.8 - 0050.5498.be84 ARPA Ethernet0
Internet 42.20.0.7 34 00d0.588c.57c0 ARPA Ethernet0
Internet 42.20.0.1 35 0000.0c07.ac66 ARPA Ethernet0
Internet 193.0.0.1 28 00d0.588c.57c0 ARPA Ethernet0
Internet 213.146.130.30 22 00d0.588c.57c0 ARPA Ethernet0
As you can see the arp for 42.20.0.7 has the correct mac address of the
router doing the NAT:
sh int fa0/0
FastEthernet0/0 is up, line protocol is up
Hardware is AmdFE, address is 00d0.588c.57c0
Any idea why the arp for 213.146.130.30 is included with the mac address of
the Cisco doing the NAT? It also has the 193.0.0.1 address that I often use
for tests. Why would the router doing NAT do Proxy arp for these addresses?
Thanks in Advance,
Steve.
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:41 EDT