Re: unexpected behaviour or NAT or i am overlooking

From: Lab Candidate (labccie@xxxxxxxxx)
Date: Fri Feb 22 2002 - 22:16:00 GMT-3


   
Ahmed,

If you're trying to NAT an inside address to be accessed from Internet, your config won't work.
Instead, like I said earlier, you need to use

ip nat inside source static 192.168.1.2 10.10.10.2

--- Ahmed Mamoor Amimi <mamoor@ieee.org> wrote:
> I think I got the answer.... it was just because when R3 pings R1, ...
> R3's address is translated to 192.168.1.100. R2 gets
> the packet and first translates then routes (as R3 is on the outside network) ...
> when on return from R1, R2 first ROUTEs then translates. So the point is
> route.... as the address 192.168.1.100 is of the same major network, that is
> 192.168.1.x found on R2 Ethernet 0, R2 just thinks that this packet belongs
> to the same subnet, why should I pass it to E1.
>
> I just configured it a different way so that when R3's address is translated it
> will translate to 2.2.2.2, but this also didn't work. After some
> investigation I found that R2 is getting "non-routable 2.2.2.2", as on
> return it will first "ROUTE THEN TRANSLATE" on the inside network. So I just put
> a static route that you can find 2.2.2.2 on R3.... and you know what, everything
> works fine.
>
> The problem was that the translated addresses for R1 and R3 were from their
> respective networks, that is R1 was getting 10.10.10.10 which resides between
> R2 and R3, and R3 was getting translated to 192.168.1.100 which is between R1
> and R2.
> My configs are all right as this is the normal behaviour of NAT, so
> watch out when translating: don't give the address from that target
> network pool.
>
> Also see :
> http://www.cisco.com/warp/public/556/1.html
> http://www.cisco.com/warp/public/556/2.html
>
> -Mamoor
>
>
>
> ----- Original Message -----
> From: George Hansen <HansenG@radiological.com>
> To: <ccielab@groupstudy.com>
> Cc: <mamoor@ieee.org>
> Sent: Saturday, February 23, 2002 4:22 AM
> Subject: Re: unexpected behaviour or NAT or i am overlooking
>
>
> > What would make R2 generate the Ping response for address 192.168.1.100
> > (see R2 debug s=192.168.1.100 (local))? I suspect there is something in your
> > config on R2.
> >
> > George
> >
> > >>> "Ahmed Mamoor Amimi" <mamoor@ieee.org> 02/22/02 01:09PM >>>
> > Hi,
> > I have very very simple NAT :
> > (inside)R1---------------(e0)R2(NAT)(e1)-----------R3(outside)
> > R2 : 192.168.1.1 ---> e0
> > 10.10.10.1 -----> e1
> > R2 : 192.168.1.2
> > R3 : 10.10.10.2
> >
> > At R2 I have stated:
> > ip nat inside static 192.168.1.2 10.10.10.10
> > Whenever IP address 192.168.1.2 comes, translate it to 10.10.10.10
> >
> > ip nat outside static 10.10.10.2 192.168.1.100
> > Whenever IP address 10.10.10.2 comes, translate it to 192.168.1.100
> >
> > R1 and R3 have a default route to R2.
> >
> > When I ping from R1 it is successful and translation occurs.
> > As R1 is inside, routing occurs first, then translation.
> >
> > When I ping from R3 it is not successful but translation occurs.
> > As R3 is outside, translation occurs, then routing.
> >
> >
> > R3 is sending the packet to R1 and R1 is receiving it with a source of
> > 192.168.1.100, as NAT translates from 10.10.10.2 --> 192.168.1.100
> > And R1 is also sending the packet to the destination 192.168.1.100, but when R2
> > receives it, it returns the packet to the same ethernet and doesn't let the packet
> > be returned translated to 10.10.10.2 as 192.168.1.100 --> 10.10.10.2
> >
> > here is the debug of R1 when i ping from R3
> > r1#
> > 01:23:43: IP: s=192.168.1.100 (Ethernet0), d=192.168.1.2, len 100, rcvd 1
> > 01:23:43: ICMP type=8, code=0
> > 01:23:43: IP: s=192.168.1.2 (local), d=192.168.1.100 (Ethernet0), len 100, sending
> > 01:23:43: ICMP type=0, code=0
> > r1#
> > 01:23:45: IP: s=192.168.1.100 (Ethernet0), d=192.168.1.2, len 100, rcvd 1
> > 01:23:45: ICMP type=8, code=0
> > 01:23:45: IP: s=192.168.1.2 (local), d=192.168.1.100 (Ethernet0), len 100, sending
> > 01:23:45: ICMP type=0, code=0
> >
> > It is clearly saying that it is receiving the ping from 192.168.1.100 and then
> > sending back to it, but when R2 gets the packet it says:
> >
> > 01:16:12: IP: s=192.168.1.2 (Ethernet0), d=192.168.1.100 (Ethernet0), len 100, rcvd 3
> > 01:16:12: ICMP type=0, code=0
> > 01:16:12:
> > framer7#
> > 01:16:14: IP: s=192.168.1.2 (Ethernet0), d=192.168.1.100 (Ethernet0), len 100, rcvd 3
> > 01:16:14: ICMP type=0, code=0
> >
> > It is clear that R2 receives the packet from R1, then it returns the packet to
> > ethernet 0.
> >
> > ........
> > The funny thing is that when I directly ping from R1 to address 192.168.1.100
> > then it succeeds.
> > here is the debug of R2 :
> >
> > 01:31:32: ICMP type=0, code=0
> > 01:31:32:
> > 01:31:33: IP: s=192.168.1.2 (Ethernet0), d=192.168.1.100 (Ethernet0), len 100, rcvd 3
> > 01:31:33: ICMP type=8, code=0
> > 01:31:33:
> > 01:31:33: IP: s=192.168.1.100 (local), d=192.168.1.2 (Ethernet0), len 100, sending
> > 01:31:33: ICMP type=0, code=0
> > 01:31:33:
> > 01:31:33: IP: s=192.168.1.2 (Ethernet0), d=192.168.1.100 (Ethernet0), len 100, rcvd 3
> > 01:31:33: ICMP type=8, code=0
> > 01:31:33:
> > 01:31:33: IP: s=192.168.1.100 (local), d=192.168.1.2 (Ethernet0), len 100, sending
> > 01:31:33: ICMP type=0, code=0
> >
> >
> > Summary : from R1 I can ping to R3 translated
> > from R3 I can't ping R1 translated
> > R1 is in inside
> > R3 is in outside
> >
> >
> > -Mamoor
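
The route-then-translate behaviour discussed in this thread, as an added example that is not part of any poster's message: a simplified Python model of R2 (not IOS code) that replays R3's ping for the three outside-local choices mentioned. The function names and the dictionary form of the static route are assumptions made for the illustration.

```python
import ipaddress

# Simplified model of R2 from the thread (an assumption, not IOS internals):
# e0 is the NAT inside interface, e1 the NAT outside interface.
CONNECTED = {
    "E0": (ipaddress.ip_network("192.168.1.0/24"), "inside"),
    "E1": (ipaddress.ip_network("10.10.10.0/24"), "outside"),
}
INSIDE_LOCAL, INSIDE_GLOBAL = "192.168.1.2", "10.10.10.10"  # R1
OUTSIDE_GLOBAL = "10.10.10.2"                               # R3

def route(dst, static_routes):
    """Longest-prefix match over connected plus static routes; interface or None."""
    table = [(net, ifname) for ifname, (net, _) in CONNECTED.items()]
    table += [(ipaddress.ip_network(p), ifname) for p, ifname in static_routes.items()]
    hits = [(net.prefixlen, ifname) for net, ifname in table
            if ipaddress.ip_address(dst) in net]
    return max(hits)[1] if hits else None

def outside_to_inside(src, dst, outside_local, static_routes):
    """Packet arriving on E1: translate first, then route."""
    if src == OUTSIDE_GLOBAL:
        src = outside_local
    if dst == INSIDE_GLOBAL:
        dst = INSIDE_LOCAL
    return route(dst, static_routes), src, dst

def inside_to_outside(src, dst, outside_local, static_routes):
    """Packet arriving on E0: route first; translate only if it exits an outside interface."""
    out_if = route(dst, static_routes)
    if out_if is None:
        return "unroutable", src, dst
    if CONNECTED[out_if][1] != "outside":
        return "stays on " + out_if + ", untranslated", src, dst
    if src == INSIDE_LOCAL:
        src = INSIDE_GLOBAL
    if dst == outside_local:
        dst = OUTSIDE_GLOBAL
    return out_if, src, dst

def ping_from_r3(outside_local, static_routes=None):
    """Echo request R3 -> 10.10.10.10, then R1's echo reply back through R2."""
    static_routes = static_routes or {}
    _, src, dst = outside_to_inside(OUTSIDE_GLOBAL, INSIDE_GLOBAL, outside_local, static_routes)
    # R1 replies to whatever source address it saw on the request.
    return inside_to_outside(dst, src, outside_local, static_routes)

if __name__ == "__main__":
    for args in [("192.168.1.100",), ("2.2.2.2",), ("2.2.2.2", {"2.2.2.2/32": "E1"})]:
        print(args, "->", ping_from_r3(*args))
```

Only the third case, where the outside-local address lies outside both connected subnets and has a route toward E1, returns the reply to R3 with both addresses translated back.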



This archive was generated by hypermail 2.1.4 : Thu Jun 20 2002 - 13:46:31 GMT-3