[c-nsp] Not Understanding How External IPs Are Appearing In Show IPNAT Statistics Output

Darryl Dunkin ddunkin at netos.net
Tue Feb 26 14:14:29 EST 2008


Try "show ip nat translations" instead (if too much, add " | i 218.233.198.25" to that).

You'll get a raw output on the source and destination. Chances are these
will match up to your static translation with 172.30.50.207.

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Spencer Barnes
Sent: Tuesday, February 26, 2008 09:34
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Not Understanding How External IPs Are Appearing In
Show IPNAT Statistics Output

Hello,

I'm seeing something I don't understand in the output of the show ip nat
statistics command.  Our border router has two interfaces, a DS3 and an
uplink to our core router.  The border router is running NAT on the
uplink interface to allow particular LAN users access through the DS3 on
one external IP.

Here is the NAT config:


ip nat translation timeout 28800
ip nat translation tcp-timeout 3600
ip nat translation max-entries all-host 300
ip nat pool poolone xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx netmask 255.255.255.192
ip nat inside source list 110 pool poolone overload
ip nat inside source static 172.30.50.207 xxx.xxx.xxx.xxx

access-list 110 remark ----NAT Rules----
access-list 110 deny   ip 172.30.50.0 0.0.0.255 172.30.100.0 0.0.0.255
access-list 110 permit ip 172.30.50.0 0.0.0.255 any
access-list 110 permit ip host 192.168.60.10 any
access-list 110 permit ip host 192.168.60.11 any
access-list 110 permit ip host 192.168.60.22 any
access-list 110 permit ip host 192.168.60.30 any
access-list 110 permit ip host 192.168.60.31 any
access-list 110 permit ip host 192.168.60.115 any
access-list 110 permit ip host 192.168.60.94 any
access-list 110 permit ip host 192.168.60.95 any
access-list 110 permit ip host 192.168.60.96 any
access-list 110 permit ip host 192.168.60.97 any
access-list 110 permit ip host 192.168.60.98 any


show ip nat statistics command output:


xxxxxx#show ip nat statistics
Total active translations: 387 (1 static, 386 dynamic; 386 extended)
Outside interfaces:
  Serial1/0
Inside interfaces:
  FastEthernet2/0
Hits: 135555  Misses: 3730
CEF Translated packets: 139179, CEF Punted packets: 234
Expired translations: 3271
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 110 pool poolone refcount 386
 pool poolone: netmask 255.255.255.192
        start xxx.xxx.xxx.xxx end xxx.xxx.xxx.xxx
        type generic, total addresses 1, allocated 1 (100%), misses 0
nat-limit statistics:
 All Host Max allowed: 300
 host 172.30.50.128: max allowed 512, used 1, missed 0
 host 219.153.40.149: max allowed 512, used 0, missed 0
 host 172.30.50.131: max allowed 300, used 5, missed 0
 host 192.168.60.94: max allowed 512, used 0, missed 0
 host 192.168.60.95: max allowed 512, used 0, missed 0
 host 218.234.41.8: max allowed 512, used 0, missed 0
 host 221.7.183.84: max allowed 512, used 0, missed 0
 host 172.30.50.196: max allowed 512, used 0, missed 0
 host 172.30.50.201: max allowed 512, used 0, missed 0
 host 192.168.60.10: max allowed 512, used 0, missed 0
 host 192.168.60.11: max allowed 512, used 0, missed 0
 host 222.161.2.23: max allowed 300, used 0, missed 0
 host 123.123.236.129: max allowed 512, used 0, missed 0
 host 137.78.158.42: max allowed 512, used 0, missed 0
 host 172.30.50.5: max allowed 512, used 6, missed 0
 host 218.63.236.143: max allowed 300, used 0, missed 0
 host 172.30.50.9: max allowed 512, used 0, missed 0
 host 172.30.50.21: max allowed 512, used 3, missed 0
 host 172.30.50.22: max allowed 512, used 0, missed 0
 host 172.30.50.23: max allowed 512, used 2, missed 0
 host 172.30.50.24: max allowed 512, used 3, missed 0
 host 172.30.50.25: max allowed 512, used 4, missed 0
 host 121.14.136.101: max allowed 512, used 0, missed 0
 host 218.3.134.250: max allowed 512, used 0, missed 0
 host 172.30.50.41: max allowed 512, used 22, missed 0
 host 88.247.81.84: max allowed 512, used 0, missed 0
 host 172.30.50.105: max allowed 512, used 1, missed 0
 host 218.233.198.25: max allowed 512, used 0, missed 0
 host 58.221.252.230: max allowed 512, used 0, missed 0
Queued Packets: 0


The 172.30.50.0/24 subnet is used by our users.  Why are IPs from
external networks showing up in this output, such as 218.233.198.25 and
58.221.252.230?  Shouldn't the only IPs in this command output be the
ones I permitted via the ACL?

Thank you for your help,

Spencer

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
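Added example (not from either poster): a small Python triage script for exactly the check Darryl suggests. It parses the nat-limit block quoted above, separates the hosts that fall inside the sources permitted by access-list 110 from those that do not, and then looks those "foreign" hosts up in constructed "show ip nat translations" lines (standard IOS column layout; 203.0.113.0/24 stands in for the masked xxx.xxx.xxx.xxx addresses) to see whether they appear as the outside global peer of the static translation for 172.30.50.207. The sample translation rows, the 203.0.113.x addresses and the port numbers are all assumptions made up for the example.

```python
import ipaddress
import re

# Sources permitted by access-list 110 in the post. The deny line only excludes
# a destination subnet, so it does not change the set of permitted sources.
ACL110_PERMITTED_SOURCES = [
    ipaddress.ip_network("172.30.50.0/24"),
    *(ipaddress.ip_network(f"192.168.60.{h}/32")
      for h in (10, 11, 22, 30, 31, 115, 94, 95, 96, 97, 98)),
]

# Inside-local address of the static translation in the post.
STATIC_INSIDE_LOCAL = "172.30.50.207"

# Excerpt of the nat-limit block quoted in the post.
NAT_LIMIT_SAMPLE = """\
nat-limit statistics:
 All Host Max allowed: 300
 host 172.30.50.128: max allowed 512, used 1, missed 0
 host 219.153.40.149: max allowed 512, used 0, missed 0
 host 192.168.60.94: max allowed 512, used 0, missed 0
 host 218.233.198.25: max allowed 512, used 0, missed 0
 host 58.221.252.230: max allowed 512, used 0, missed 0
Queued Packets: 0
"""

# CONSTRUCTED "show ip nat translations" output (columns: Pro, Inside global,
# Inside local, Outside local, Outside global). 203.0.113.10 is a placeholder
# for the masked static global address; ports are invented.
TRANSLATIONS_SAMPLE = """\
Pro Inside global      Inside local       Outside local       Outside global
tcp 203.0.113.10:25    172.30.50.207:25   218.233.198.25:4121 218.233.198.25:4121
tcp 203.0.113.10:25    172.30.50.207:25   58.221.252.230:2030 58.221.252.230:2030
tcp 203.0.113.9:1024   172.30.50.128:1024 192.0.2.44:80       192.0.2.44:80
--- 203.0.113.10       172.30.50.207      ---                 ---
"""

HOST_RE = re.compile(r"^\s*host (\S+): max allowed (\d+), used (\d+), missed (\d+)")
XLATE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")


def parse_nat_limit(text):
    """Return {host: {max, used, missed}} from the nat-limit statistics block."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            hosts[m.group(1)] = {"max": int(m.group(2)),
                                 "used": int(m.group(3)),
                                 "missed": int(m.group(4))}
    return hosts


def is_permitted_inside(ip_str, permitted=ACL110_PERMITTED_SOURCES):
    """True if the address is a source the inside-source ACL would match."""
    ip = ipaddress.ip_address(ip_str)
    return any(ip in net for net in permitted)


def split_hosts(hosts, permitted=ACL110_PERMITTED_SOURCES):
    """Split nat-limit hosts into ACL-permitted inside hosts and everything else."""
    inside = sorted(h for h in hosts if is_permitted_inside(h, permitted))
    foreign = sorted(h for h in hosts if not is_permitted_inside(h, permitted))
    return inside, foreign


def strip_port(addr):
    """'1.2.3.4:80' -> '1.2.3.4'; '---' (no address) is returned unchanged."""
    return addr.rsplit(":", 1)[0] if ":" in addr else addr


def parse_translations(text):
    """Parse IOS translation rows into dicts with the port suffixes removed."""
    rows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("Pro"):
            continue  # skip the column header and blank lines
        m = XLATE_RE.match(line)
        if not m:
            continue
        proto, ig, il, ol, og = m.groups()
        rows.append({"proto": proto, "inside_global": strip_port(ig),
                     "inside_local": strip_port(il), "outside_local": strip_port(ol),
                     "outside_global": strip_port(og)})
    return rows


def explain_foreign_hosts(foreign, translations, static_local=STATIC_INSIDE_LOCAL):
    """For each non-ACL host, list the inside-local peers it has translations with
    and flag whether one of them is the static translation's inside-local address."""
    report = {}
    for host in foreign:
        peers = sorted({t["inside_local"] for t in translations
                        if t["outside_global"] == host})
        report[host] = {"inside_peers": peers, "via_static": static_local in peers}
    return report


if __name__ == "__main__":
    inside, foreign = split_hosts(parse_nat_limit(NAT_LIMIT_SAMPLE))
    print("ACL-permitted inside hosts:", inside)
    for host, info in explain_foreign_hosts(foreign, parse_translations(TRANSLATIONS_SAMPLE)).items():
        print(f"{host}: peers={info['inside_peers']} via_static={info['via_static']}")
```

Run it against real "show ip nat statistics" and "show ip nat translations" output pasted into the two sample strings. A foreign host that reports via_static=True is a remote peer of the static mapping (the situation Darryl describes); one with an empty peer list has no current translation and is worth a second look with "show ip nat translations | i <host>" before its entry ages out.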
