[c-nsp] how NAt works from outside to inside

Manuel 5k7k6rkrrc at snkmail.com
Mon Apr 1 11:16:29 EDT 2013


Hi Sam,
	This shouldn't be happening (as you are mentioning it).  So probably there are some details missing from your description that will explain this.
	How are you seeing the source and destination addresses of the ping packets? (debug in router? Sniffer in each host? Etc)
	What type are the ICMP packets? (you should be able to see this either on the sniffer or the debug... the types are: http://www.nthelp.com/icmp.html)

	Are the source and destination hosts PCs connected to the router? (or are you using loopback interfaces, etc.)
	
	The following link might help you http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094c32.shtml

	By the way, I understand that when you replace the Cisco router with a FreeBSD system the host (192.168.2.1) seems to receive the same packet reply but now the host acts differently... this is not possible... the host shouldn't be able to tell whether the packet was sent from a Cisco router or a FreeBSD system (in both cases it receives src: 192.168.2.50----> dst:192.168.2.1 type=0 if it is a reply)... so we have something missing... if the host acts differently then these are different packets...  (The only difference would be the MAC address of the FreeBSD system and this should remind us of ARP but I won't go there if not required... this depends on your answers to the questions above)

Regards,
Manuel 

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Matt Thompson mthompson-at-brightsolid.com |puck.nether.net nsp|
Sent: Sunday, March 31, 2013 7:00 AM
To: Manuel Berrocal (mberroca); s m
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] how NAt works from outside to inside

Date: Sat, 30 Mar 2013 13:17:00 +0430
From: s m <sam.gh1986 at gmail.com>
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] how NAt works from outside to inside
Message-ID:
        <CAA_1SgGGNvk-dPbs+2osTnLSEDPUbxSZs3YTTfVfy0kN3+KcbA at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

Hello all,

I am a newbie in NAT and I have a problem. I want to have a dynamic NAT and this is my topology:

192.168.1.1-----> cisco 2800 ------> 192.168.2.1

and this is my configuration in cisco 2800:

interface GigabitEthernet 0/0
ip address 192.168.2.2 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto

interface GigabitEthernet 0/1
ip address 192.168.1.2 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto

ip nat pool t 192.168.2.50 192.168.2.60 netmask 255.255.255.0
ip nat inside source list 1 pool t
access-list 1 permit any

When I ping 192.168.2.1 from 192.168.1.1 (from inside to outside), everything is OK and NAT is done correctly, but when I ping
192.168.1.1 from 192.168.2.1 (from outside to inside), the packets that are received on 192.168.2.1 are as below:

request packets:   src:192.168.2.1----> dst: 192.168.1.1
reply packets:       src: 192.168.2.50----> dst:192.168.2.1

And the 192.168.2.1 system accepts these packets as its reply!!! I think this behavior is wrong, isn't it? How does it happen? Moreover, if I put a FreeBSD system in place of the Cisco, everything is the same except that
192.168.2.1 does not accept the reply packets as its reply (as I expected!!). Please let me know if the Cisco behavior is correct or not and, if it is correct, how the Cisco router does that.

Please help me if I am misunderstanding.
thanks in advance
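
Added example (not part of the original thread, and not Cisco code): a simplified Python model of the dynamic inside-source rule in the posted configuration, showing why a ping started from 192.168.2.1 comes back with source 192.168.2.50. The class and function names are hypothetical; the model assumes one-to-one pool allocation with no overload, and the only host-side behavior it models is a strict source-address comparison.

```python
import ipaddress


class DynamicInsideSourceNat:
    """Simplified model of 'ip nat inside source list <acl> pool <pool>' (no overload)."""

    def __init__(self, pool_first, pool_last, acl_permits):
        first = int(ipaddress.IPv4Address(pool_first))
        last = int(ipaddress.IPv4Address(pool_last))
        self.free = [str(ipaddress.IPv4Address(i)) for i in range(first, last + 1)]
        self.acl_permits = acl_permits      # callable: source address -> bool
        self.local_to_global = {}           # inside local  -> inside global
        self.global_to_local = {}           # inside global -> inside local

    def inside_to_outside(self, src, dst):
        """Source is rewritten for any permitted inside host, echo replies included."""
        if src not in self.local_to_global and self.acl_permits(src) and self.free:
            inside_global = self.free.pop(0)
            self.local_to_global[src] = inside_global
            self.global_to_local[inside_global] = src
        return self.local_to_global.get(src, src), dst

    def outside_to_inside(self, src, dst):
        """Destination is rewritten only if it is an already allocated inside global."""
        return src, self.global_to_local.get(dst, dst)


def ping_from_outside(nat, outside_host, inside_host):
    """Return (request as sent, reply as received), both as seen at the outside host."""
    request = (outside_host, inside_host)
    req_src, req_dst = nat.outside_to_inside(*request)   # no entry yet: unchanged
    reply = nat.inside_to_outside(req_dst, req_src)      # reply source gets translated
    return request, reply


def reply_matches_request(request, reply):
    """Strict host-side check: the reply must come from the address that was pinged."""
    return reply == (request[1], request[0])


if __name__ == "__main__":
    # Constructed run with the addresses from the post; 'permit any' modelled as True.
    nat = DynamicInsideSourceNat("192.168.2.50", "192.168.2.60", lambda src: True)
    request, reply = ping_from_outside(nat, "192.168.2.1", "192.168.1.1")
    print("request:", request)
    print("reply:  ", reply, "strict match:", reply_matches_request(request, reply))
```

In this model the request passes untranslated because 192.168.1.1 is not an inside global address, while the reply is an inside-to-outside packet that matches "access-list 1 permit any" and is given the first pool address.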


