[c-nsp] Not Understanding How External IPs Are Appearing In Show IP NAT Statistics Output
Spencer Barnes
spencer at ceiva.com
Tue Feb 26 12:34:21 EST 2008
Hello,
I'm seeing something I don't understand in the output of the show ip nat
statistics command. Our border router has two interfaces, a DS3 and an
uplink to our core router. The border router is running NAT on the
uplink interface to allow particular LAN users access through the DS3 on
one external IP.
Here is the NAT config:
ip nat translation timeout 28800
ip nat translation tcp-timeout 3600
ip nat translation max-entries all-host 300
ip nat pool poolone xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx netmask
255.255.255.192
ip nat inside source list 110 pool poolone overload
ip nat inside source static 172.30.50.207 xxx.xxx.xxx.xxx
access-list 110 remark ----NAT Rules----
access-list 110 deny ip 172.30.50.0 0.0.0.255 172.30.100.0 0.0.0.255
access-list 110 permit ip 172.30.50.0 0.0.0.255 any
access-list 110 permit ip host 192.168.60.10 any
access-list 110 permit ip host 192.168.60.11 any
access-list 110 permit ip host 192.168.60.22 any
access-list 110 permit ip host 192.168.60.30 any
access-list 110 permit ip host 192.168.60.31 any
access-list 110 permit ip host 192.168.60.115 any
access-list 110 permit ip host 192.168.60.94 any
access-list 110 permit ip host 192.168.60.95 any
access-list 110 permit ip host 192.168.60.96 any
access-list 110 permit ip host 192.168.60.97 any
access-list 110 permit ip host 192.168.60.98 any
show ip nat statistics command output:
xxxxxx#show ip nat statistics
Total active translations: 387 (1 static, 386 dynamic; 386 extended)
Outside interfaces:
Serial1/0
Inside interfaces:
FastEthernet2/0
Hits: 135555 Misses: 3730
CEF Translated packets: 139179, CEF Punted packets: 234
Expired translations: 3271
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 110 pool poolone refcount 386
pool poolone: netmask 255.255.255.192
start xxx.xxx.xxx.xxx end xxx.xxx.xxx.xxx
type generic, total addresses 1, allocated 1 (100%), misses 0
nat-limit statistics:
All Host Max allowed: 300
host 172.30.50.128: max allowed 512, used 1, missed 0
host 219.153.40.149: max allowed 512, used 0, missed 0
host 172.30.50.131: max allowed 300, used 5, missed 0
host 192.168.60.94: max allowed 512, used 0, missed 0
host 192.168.60.95: max allowed 512, used 0, missed 0
host 218.234.41.8: max allowed 512, used 0, missed 0
host 221.7.183.84: max allowed 512, used 0, missed 0
host 172.30.50.196: max allowed 512, used 0, missed 0
host 172.30.50.201: max allowed 512, used 0, missed 0
host 192.168.60.10: max allowed 512, used 0, missed 0
host 192.168.60.11: max allowed 512, used 0, missed 0
host 222.161.2.23: max allowed 300, used 0, missed 0
host 123.123.236.129: max allowed 512, used 0, missed 0
host 137.78.158.42: max allowed 512, used 0, missed 0
host 172.30.50.5: max allowed 512, used 6, missed 0
host 218.63.236.143: max allowed 300, used 0, missed 0
host 172.30.50.9: max allowed 512, used 0, missed 0
host 172.30.50.21: max allowed 512, used 3, missed 0
host 172.30.50.22: max allowed 512, used 0, missed 0
host 172.30.50.23: max allowed 512, used 2, missed 0
host 172.30.50.24: max allowed 512, used 3, missed 0
host 172.30.50.25: max allowed 512, used 4, missed 0
host 121.14.136.101: max allowed 512, used 0, missed 0
host 218.3.134.250: max allowed 512, used 0, missed 0
host 172.30.50.41: max allowed 512, used 22, missed 0
host 88.247.81.84: max allowed 512, used 0, missed 0
host 172.30.50.105: max allowed 512, used 1, missed 0
host 218.233.198.25: max allowed 512, used 0, missed 0
host 58.221.252.230: max allowed 512, used 0, missed 0
Queued Packets: 0
The 172.30.50.0/24 subnet is used by our users. Why are IPs from
external networks showing up in this output, such as 218.233.198.25 and
58.221.252.230? Shouldn't the only IPs in this command output be the
ones I permitted via the ACL?
Thank you for your help,
Spencer
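One way to check which nat-limit entries fall outside the NAT ACL, as an added example that is not part of the original post or any reply: a Python script that parses the permit entries of access-list 110 and the nat-limit host lines from the output above (a subset of both is embedded) and lists every tracked host that no permit source matches. It assumes IOS wildcard masks are contiguous (the ipaddress module rejects others) and skips deny entries, which only narrow by destination and never add a source.

```python
import ipaddress
import re

# Subset of the ACL and of the nat-limit lines quoted in the post above.
ACL = """access-list 110 remark ----NAT Rules----
access-list 110 deny ip 172.30.50.0 0.0.0.255 172.30.100.0 0.0.0.255
access-list 110 permit ip 172.30.50.0 0.0.0.255 any
access-list 110 permit ip host 192.168.60.10 any
access-list 110 permit ip host 192.168.60.94 any"""

NAT_LIMITS = """host 172.30.50.128: max allowed 512, used 1, missed 0
host 219.153.40.149: max allowed 512, used 0, missed 0
host 192.168.60.94: max allowed 512, used 0, missed 0
host 218.233.198.25: max allowed 512, used 0, missed 0
host 58.221.252.230: max allowed 512, used 0, missed 0
host 172.30.50.41: max allowed 512, used 22, missed 0"""

# Source part of a permit entry: "host A.B.C.D", "any", or "A.B.C.D W.W.W.W".
PERMIT_RE = re.compile(r"^access-list \d+ permit ip (host (\S+)|any|(\S+) (\S+))", re.M)
LIMIT_RE = re.compile(r"^host (\S+): max allowed (\d+), used (\d+), missed (\d+)", re.M)


def permitted_sources(acl_text):
    """Source prefixes that at least one permit entry can match (deny entries skipped)."""
    nets = []
    for m in PERMIT_RE.finditer(acl_text):
        if m.group(2):                                   # host A.B.C.D -> /32
            nets.append(ipaddress.ip_network(m.group(2) + "/32"))
        elif m.group(3):                                 # network + wildcard (hostmask)
            nets.append(ipaddress.ip_network(f"{m.group(3)}/{m.group(4)}", strict=False))
        else:                                            # any
            nets.append(ipaddress.ip_network("0.0.0.0/0"))
    return nets


def nat_limit_hosts(stats_text):
    """Parse the nat-limit 'host' lines of show ip nat statistics into (ip, used)."""
    return [(ipaddress.ip_address(ip), int(used))
            for ip, _max, used, _missed in LIMIT_RE.findall(stats_text)]


def unexpected_hosts(acl_text, stats_text):
    """Tracked hosts that no permit source in the NAT ACL covers, in output order."""
    nets = permitted_sources(acl_text)
    return [str(ip) for ip, _used in nat_limit_hosts(stats_text)
            if not any(ip in net for net in nets)]


if __name__ == "__main__":
    for ip in unexpected_hosts(ACL, NAT_LIMITS):
        kind = "public" if ipaddress.ip_address(ip).is_global else "private"
        print(f"{ip} ({kind}) is tracked by nat-limit but is not a permitted NAT source")
```

Run against the full output, the same check separates the 172.30.50.x and 192.168.60.x hosts the ACL covers from the public addresses the post asks about.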