[c-nsp] ICMP PAT

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Mon Jun 16 03:33:06 EDT 2008


Ibrahim,

Sorry for the delay. I checked with NAT folks, and the ICMP ALG
behaviour is not as described in this link: it says "sequence number"
while it should say "identifier". So IOS only creates a single flow for
continuous pings (ping -s foo), but creates multiple flows if you
execute ping multiple times (as the identifier changes).

	oli

Ibrahim Abo Zaid <mailto:ibrahim.abozaid at gmail.com> wrote on Tuesday,
June 03, 2008 11:24 PM:

> Hi Oli
> 
> 
> I read that @
> http://www.cisco.com/en/US/technologies/tk648/tk361/tk438/technologies_white_paper09186a00801af2b9.html
> 
> 
> 
> 
> best regards
> --Abo Zaid
> 
> 
> On Tue, Jun 3, 2008 at 7:03 PM, Oliver Boehmer (oboehmer)
> <oboehmer at cisco.com> wrote: 
> 
> 
> 	Ibrahim Abo Zaid <> wrote on Tuesday, June 03, 2008 10:46 AM:
> 
> 
> 	> Hi All
> 	>
> 	> according to Cisco docs, if ICMP PAT is configured, ICMP packets
> 	> sequence numbers are associated to ports in NAT table means a
> 	> continuous traffic between a source and
> 	> a destination can create up to 65535 entries in NAT table !!!
> 	>
> 	> is that right, 65K entries for single flow ?
> 
> 
> 	no, a continuous ping creates a single entry in the NAT table (just
> 	checked). Where did you read the above?
> 
> 	       oli
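
The difference discussed in this thread, as an added example that is not part of the original message and not IOS code: a toy translation table keyed on inside source, destination and one ICMP echo field, run over constructed echo requests. The addresses, the `count_entries` helper and the translated-ID numbering are assumptions for illustration.

```python
import struct

def inet_checksum(data):
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def echo_request(ident, seq, payload=b"constructed-data"):
    """Build an ICMP echo request: type 8, code 0, checksum, identifier, sequence."""
    csum = inet_checksum(struct.pack("!BBHHH", 8, 0, 0, ident, seq) + payload)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload

def parse_echo(packet):
    """Return (identifier, sequence) of a valid echo request, else raise."""
    if len(packet) < 8:
        raise ValueError("truncated ICMP header")
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    if (icmp_type, code) != (8, 0):
        raise ValueError("not an echo request")
    if inet_checksum(packet) != 0:  # a valid packet sums to zero
        raise ValueError("bad ICMP checksum")
    return ident, seq

def count_entries(packets, key_field):
    """Toy PAT table (hypothetical model): one entry per distinct
    (src, dst, field), where field is 'identifier' or 'sequence'."""
    table = {}
    for src, dst, pkt in packets:
        ident, seq = parse_echo(pkt)
        field = ident if key_field == "identifier" else seq
        # constructed translated ID, allocated on first sight of the key
        table.setdefault((src, dst, field), 40000 + len(table))
    return len(table)

SRC, DST = "10.0.0.5", "192.0.2.1"  # constructed addresses
# One continuous ping: identifier fixed, sequence number increments.
continuous = [(SRC, DST, echo_request(0x1234, s)) for s in range(100)]
# Three separate ping invocations: each run gets its own identifier.
three_runs = [(SRC, DST, echo_request(i, s))
              for i in (0x1234, 0x1235, 0x1236) for s in range(4)]

if __name__ == "__main__":
    print("continuous, keyed on identifier:", count_entries(continuous, "identifier"))
    print("continuous, keyed on sequence:  ", count_entries(continuous, "sequence"))
    print("three runs, keyed on identifier:", count_entries(three_runs, "identifier"))
```
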

