From: Chris Lewis (chrlewiscsco@gmail.com)
Date: Mon May 01 2006 - 15:10:27 ART

I think your issue stems from the order of operation necessary between
routing and NAT.

Translations from inside to outside must route first, then translate to get
the packet to the right interface. Translations from outside to inside must
NAT first then route to get to the right interface. Note that if you are
translating from outside to inside, the add-route option is necessary to put
a /32 in to correct the routing (or manual insertion of a /32 route).

Some debugs of ip nat and ip packet should illustrate this.

Chris

On 5/1/06, Stephen Vallois-Davies <cisco@lockdown.nu> wrote:
>
> Hi All,
>
> I was setting up some NAT, and came across an odd intermittent traffic
> throughput problem.
>
> The setup is as follows:
>
>
>
> PC2 ------------- R5 ------------------ PC1
> F0/0 f0/1.999 vlan 999
>
> PC2 = 1.10.10.4
> pc1 = 128.1.5.1
>
> With R5 having the following config:
>
> interface FastEthernet0/0
> ip address 1.10.11.249 255.255.254.0
> ip nat inside
> !
> interface FastEthernet0/1.999
> encapsulation dot1Q 999
> ip address 128.1.5.5 255.255.255.0
> ip nat outside
> !
> ip route 1.10.13.250 255.255.255.255 128.1.5.1
> ip route 128.1.6.0 255.255.255.0 FastEthernet0/0
> !
> ip nat inside source static 1.10.10.4 128.1.6.254
> ip nat outside source static 128.1.5.1 1.10.13.250
> !
>
> If the route for the outside global addresses is a host
> route to PC2, then traffic will flow between PC1 and PC2
>
> However if the route is as follows:
>
> ip route 1.10.13.250 255.255.255.255 f0/1.999
>
> then the packet throughput is intermittent. With a ping from
> PC1 to PC2, PC2 will always send the echo request to PC1 as follows:
>
> 1.10.10.4 -> 1.10.13.250
>
> but then R5 has a problem forwarding/translating the packet.
>
> Arp entries, nat entries all look good. Any ideas?
>
> For the outside->inside translation I can use a host as destination for
> route, or interface, and translation is unaffected.
>
> It only seems to be a problem for the 'ip nat outside' configurations.
>
> Cheers, Steve.
>
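
Added example, not part of the original thread: a simplified Python model of the order of operations Chris describes, run against the addresses in Stephen's R5 config. The interface names, table layout and the `forward` helper are assumptions of this example, and it does not model the next-hop versus interface route difference Stephen reports.

```python
import ipaddress

# Constructed from the R5 config quoted in the thread. A simplified model of
# IOS NAT order of operation, not the router's actual forwarding code.
INSIDE, OUTSIDE = "Fa0/0", "Fa0/1.999"
NAT_ROLE = {INSIDE: "inside", OUTSIDE: "outside"}
INSIDE_STATIC = {"1.10.10.4": "128.1.6.254"}   # inside local  -> inside global
OUTSIDE_STATIC = {"128.1.5.1": "1.10.13.250"}  # outside global -> outside local
CONNECTED = [("1.10.10.0/23", INSIDE), ("128.1.5.0/24", OUTSIDE)]
# What add-route or the manual /32 contributes (next hop resolved to its interface).
HOST_ROUTE = [("1.10.13.250/32", OUTSIDE)]


def lookup(routes, dst):
    """Longest-prefix match; return the egress interface or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), ifc) for p, ifc in routes]
    hits = [(n, ifc) for n, ifc in hits if addr in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def invert(table):
    return {v: k for k, v in table.items()}


def forward(src, dst, in_if, routes):
    """Return (src, dst, egress) as sent, or None if the packet is dropped."""
    if NAT_ROLE[in_if] == "inside":
        # Inside -> outside: route on the untranslated destination first.
        egress = lookup(routes, dst)
        if egress is None:
            return None  # no route for the outside local address
        if NAT_ROLE[egress] == "outside":
            src = INSIDE_STATIC.get(src, src)
            dst = invert(OUTSIDE_STATIC).get(dst, dst)
        return src, dst, egress
    # Outside -> inside: translate first, then route on the translated destination.
    src = OUTSIDE_STATIC.get(src, src)
    dst = invert(INSIDE_STATIC).get(dst, dst)
    egress = lookup(routes, dst)
    return (src, dst, egress) if egress else None


if __name__ == "__main__":
    print(forward("1.10.10.4", "1.10.13.250", INSIDE, CONNECTED))
    print(forward("1.10.10.4", "1.10.13.250", INSIDE, CONNECTED + HOST_ROUTE))
    print(forward("128.1.5.1", "128.1.6.254", OUTSIDE, CONNECTED))
```

On the router itself, `debug ip nat` and `debug ip packet`, as suggested in the reply, show the same sequence for real traffic.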