[c-nsp] ASR9006 - CG NAT - VSM-500

Aaron aaron1 at gvtc.com
Wed Dec 16 15:40:47 EST 2015 

Thanks Pshem, but then what would this be ?

 

Outside Address     : 123.234.123.49
Outside Port        : 6437



 

Aaron

 

From: Pshem Kowalczyk [mailto:pshem.k at gmail.com] 
Sent: Wednesday, December 16, 2015 2:11 PM
To: Aaron; cisco-nsp at puck.nether.net; Aftab Siddiqui; quinn snyder
Subject: Re: [c-nsp] ASR9006 - CG NAT - VSM-500

 

Just a wild guess here, but I suspect you might be seeing the source port on your public IP, not the destination port in the CLI (despite the fact it calls it 'destination port').

 

kind regards

Pshem

 

 

On Thu, 17 Dec 2015 at 04:23 Aaron <aaron1 at gvtc.com> wrote:

Syslogging for CGNat is turning up some interesting destination port numbers...I haven't been able to figure out the correlation.  Please let me know if you understand how to convert what IOS XR shows, and what syslog shows...  it seems that syslog is accurate and IOS XR is formatting the number strangely.  2 examples comparing syslog trap to ios xr output shown below.  Everything seems to match EXCEPT that destination port number.

Aaron

**************************************************************************************
EXAMPLE 1 - i'm tring to figure out how destination port 23 somehow is shown as 5888
**************************************************************************************

Syslog trap...

1 2015 Dec 16 14:48:28 - - NAT44 - [SessionbasedAD 6 10.144.0.11 six - 123.234.123.49 49289 6437 - 66.195.95.174 23 ]

IOS XR...

RP/0/RSP0/CPU0:eng-lab-9k-1#sh cgn nat44 nat1 session protocol tcp inside-vrf six inside-address 10.144.0.11 port 49289
Wed Dec 16 08:49:09.010 CST
------------------------------------------------------
NAT44 instance : nat1
------------------------------------------------------
Outside Address     : 123.234.123.49
Outside Port        : 6437
Translation Type    : dynamic
Protocol            : tcp
------------------------------------------------------
  Destination Address       Destination Port
------------------------------------------------------
  66.195.95.174             5888

**************************************************************************************
EXAMPLE 2 - i'm tring to figure out how destination port 80 somehow is shown as 20480
**************************************************************************************

Syslog trap...

1 2015 Dec 16 14:48:39 - - NAT44 - [SessionbasedAD 6 10.144.0.11 six - 123.234.123.49 49290 19520 - 74.125.138.155 80 ]


IOS XR...

RP/0/RSP0/CPU0:eng-lab-9k-1#sh cgn nat44 nat1 session protocol tcp inside-vrf six inside-address 10.144.0.11 port 49290
Wed Dec 16 09:19:38.434 CST
------------------------------------------------------
NAT44 instance : nat1
------------------------------------------------------
Outside Address     : 123.234.123.49
Outside Port        : 19520
Translation Type    : dynamic
Protocol            : tcp
------------------------------------------------------
  Destination Address       Destination Port
------------------------------------------------------
  74.125.138.155            20480
RP/0/RSP0/CPU0:eng-lab-9k-1#


Aaron

More information about the cisco-nsp mailing list