[c-nsp] ICMP PAT
Ibrahim Abo Zaid
ibrahim.abozaid at gmail.com
Mon Jun 16 04:40:03 EDT 2008
Oliver
many thanks for this info . i really appreciate that :)
best regards
--Ibrahim
On Mon, Jun 16, 2008 at 10:33 AM, Oliver Boehmer (oboehmer) <
oboehmer at cisco.com> wrote:
> Ibrahim,
>
> sorry for the delay. I checked with NAT folks, and the ICMP ALG
> behaviour is not as described in this link, it says "sequence number"
> while it should say "identifier". So IOS only creates a single flow for
> continuous pings (ping -s foo), but creates multiple flows if you
> execute ping multiple times (as the identifier changes)..
>
> oli
>
> Ibrahim Abo Zaid <mailto:ibrahim.abozaid at gmail.com> wrote on Tuesday,
> June 03, 2008 11:24 PM:
>
> > Hi Oli
> >
> >
> > I read that @
> >
> http://www.cisco.com/en/US/technologies/tk648/tk361/tk438/technologies_w
> hite_paper09186a00801af2b9.html<http://www.cisco.com/en/US/technologies/tk648/tk361/tk438/technologies_white_paper09186a00801af2b9.html>
> >
> >
> >
> >
> > best regards
> > --Abo Zaid
> >
> >
> > On Tue, Jun 3, 2008 at 7:03 PM, Oliver Boehmer (oboehmer)
> > <oboehmer at cisco.com> wrote:
> >
> >
> > Ibrahim Abo Zaid <> wrote on Tuesday, June 03, 2008 10:46 AM:
> >
> >
> > > Hi All
> > >
> > > according to Cisco docs , if ICMP PAT is configured , ICMP
> packets
> > > sequence numbers are associated to ports in NAT table means a
> > > continuous traffic between a source and
> > > a destination can create up to 65535 entries in NAT table !!!
> > >
> > > is that right , 65K entries for single flow ?
> >
> >
> > no, a continuous ping creates a single entry in the NAT table
> (just
> > checked).. where did you read the above?
> >
> > oli
>
More information about the cisco-nsp
mailing list