[c-nsp] ICMP PAT
Everton da Silva Marques
everton at lab.ipaccess.diveo.net.br
Wed Jun 4 09:11:11 EDT 2008
On Wed, Jun 04, 2008 at 12:23:32AM +0300, Ibrahim Abo Zaid wrote:
> Hi Oli
>
> I read that @
> http://www.cisco.com/en/US/technologies/tk648/tk361/tk438/technologies_white_paper09186a00801af2b9.html
>
> best regards
> --Abo Zaid
>
> On Tue, Jun 3, 2008 at 7:03 PM, Oliver Boehmer (oboehmer) <
> oboehmer at cisco.com> wrote:
>
> > Ibrahim Abo Zaid <> wrote on Tuesday, June 03, 2008 10:46 AM:
> >
> > > Hi All
> > >
> > > according to Cisco docs, if ICMP PAT is configured, ICMP packets
> > > sequence numbers are associated to ports in NAT table means a
> > > continuous traffic between a source and
> > > a destination can create up to 65535 entries in NAT table!!!
> > >
> > > is that right, 65K entries for single flow?
> >
> > no, a continuous ping creates a single entry in the NAT table (just
> > checked).. where did you read the above?

Hi Oliver,

I recently saw the following under c1841-ipbasek9-mz.124-15.T5.bin:

interface FastEthernet0/0
 ip address 200.xxx.yyy.171 255.255.255.248
 ip nat outside

interface FastEthernet0/1
 ip address 10.0.0.1 255.255.255.0
 ip nat inside

ip nat inside source static 10.0.0.4 200.xxx.yyy.173

PING requests sent from 10.0.0.4 were translated with
one single static NAT entry.

However, every PING request from outside towards
200.xxx.yyy.173 would create a dynamic NAT entry.
Thus a continuous PING resulted in the NAT table
growing continuously...

This behavior surprised me but I didn't have the
chance to investigate it further. Can you tell
whether this behavior is actually intended?

Cheers,
Everton
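
An added example, not part of the original message: one way to measure the growth described above by counting dynamic ICMP rows per static mapping in captured `show ip nat translations` output. The sample text, the documentation-range addresses, the function names and the threshold are all assumptions made for illustration.

```python
from collections import Counter

# Constructed sample in the column layout of `show ip nat translations`;
# addresses are documentation-range placeholders, not values from the post.
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
icmp 192.0.2.173:100   10.0.0.4:100       198.51.100.9:100   198.51.100.9:100
icmp 192.0.2.173:101   10.0.0.4:101       198.51.100.9:101   198.51.100.9:101
icmp 192.0.2.173:102   10.0.0.4:102       198.51.100.9:102   198.51.100.9:102
tcp 192.0.2.173:80     10.0.0.4:80        203.0.113.5:40111  203.0.113.5:40111
--- 192.0.2.173        10.0.0.4           ---                ---
"""


def parse_translations(text):
    """Yield (proto, inside_global_ip, inside_local_ip, outside_global_ip)."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] == "Pro":
            continue  # skip the header, blank lines and wrapped lines
        proto, ig, il, _ol, og = fields
        # Drop the ":port" (ICMP identifier) suffix; static rows have none.
        yield proto, ig.split(":")[0], il.split(":")[0], og.split(":")[0]


def icmp_growth(text, threshold=2):
    """Return {(inside_global, outside_global): count} for static mappings
    whose dynamic ICMP entry count exceeds the (hypothetical) threshold."""
    rows = list(parse_translations(text))
    # A static mapping appears as a row whose protocol column is '---'.
    static = {ig for proto, ig, _il, _og in rows if proto == "---"}
    counts = Counter(
        (ig, og) for proto, ig, _il, og in rows
        if proto == "icmp" and ig in static
    )
    return {key: n for key, n in counts.items() if n > threshold}


if __name__ == "__main__":
    for (ig, og), n in icmp_growth(SAMPLE).items():
        print(f"{n} dynamic ICMP entries for static {ig} from {og}")
```

Running it against successive captures shows whether the ICMP entry count for a static mapping keeps climbing while an outside host pings it.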