From: Mike Kraus (mikraus) (mikraus@cisco.com)
Date: Sun Jul 01 2007 - 17:13:09 ART
Didn't work.
Here's what I have:
R1 - R2 - R6
R2:
access-list 102 permit icmp any any port-unreachable
access-list 102 permit icmp any any ttl-exceeded
ip nat inside source list 102 interface Loopback0 overload
!
!
!
route-map testrmap permit 10
 match ip address 102
 set interface Loopback0
interface Serial0/0.256 multipoint
 description Frame Relay Cloud 1
 ip address 150.50.100.2 255.255.255.0
 ip nat outside
 ip policy route-map testrmap
interface Loopback0
 ip address 200.0.0.2 255.255.255.255
Here was the result on R6:
R6#traceroute 200.0.0.1
Type escape sequence to abort.
Tracing the route to 200.0.0.1
1 150.50.100.2 16 msec 16 msec 16 msec
2 150.50.17.1 16 msec
*Jul 1 20:05:59.222: ICMP: time exceeded rcvd from 150.50.100.2 (Still physical)
*Jul 1 20:05:59.238: ICMP: time exceeded rcvd from 150.50.100.2 (Still physical)
*Jul 1 20:05:59.254: ICMP: time exceeded rcvd from 150.50.100.2 (Still physical)
*Jul 1 20:05:59.270: ICMP: dst (150.50.100.6) port unreachable rcv from 150.50.17.1 * 28 msec
R6#
*Jul 1 20:06:02.298: ICMP: dst (150.50.100.6) port unreachable rcv from 150.50.17.1
R6#
Also tried, as it seemed to match the nat flow, but same result:
interface Serial0/0.256 multipoint
 description Frame Relay Cloud 1
 ip address 150.50.100.2 255.255.255.0
 ip nat inside
 ip policy route-map testrmap
interface Loopback0
 ip address 200.0.0.2 255.255.255.255
 ip nat outside
________________________________
From: Derek Pocoroba [mailto:dpocoroba@gmail.com]
Sent: Sunday, July 01, 2007 2:55 PM
To: Mike Kraus (mikraus)
Cc: Antonio Soares; Bhaskar Sivanesan; ccie forum
Subject: Re: traceroute
I believe you also need to use PBR so the ICMP replies are sent to the
loop interface. From there they will get NATd to the loop ip address.
-Derek
On 7/1/07, Mike Kraus (mikraus) <mikraus@cisco.com> wrote:
I just tried this, source is still physical... Tried just doing ip nat
enable (with NVI) to see if router would magically figure it out too,
but to no avail.
Have you gotten this to work?
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Antonio Soares
Sent: Sunday, July 01, 2007 2:30 PM
To: 'Bhaskar Sivanesan'; 'ccie forum'
Subject: RE: traceroute
None since the traffic is sourced from the router itself.
_____
From: Bhaskar Sivanesan [mailto:bas_bharath@yahoo.com]
Sent: Sunday, July 1, 2007 20:25
To: Antonio Soares; ccie forum
Subject: Re: traceroute
Thanks Antonio, which will be the "ip nat inside" interface in this
case?
cheers
----- Original Message ----
From: Antonio Soares <amsoares@netcabo.pt>
To: Bhaskar Sivanesan <bas_bharath@yahoo.com>; ccie forum
<ccielab@groupstudy.com>
Sent: Sunday, July 1, 2007 8:19:13 PM
Subject: RE: traceroute
The answer is NAT:
Example config:
!
access-list 102 permit icmp any any port-unreachable
access-list 102 permit icmp any any ttl-exceeded
!
ip nat inside source list 102 interface Loopback0 overload
!
!
interface Ethernet1/0
 ip nat outside
!
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Bhaskar Sivanesan
Sent: Sunday, July 1, 2007 19:58
To: ccie forum
Subject: traceroute
Hi group
How do we change the source IP address in the ICMP TTL exceeded reply
messages?
Like, when I am doing a traceroute, I want the reply to be sourced from
the respective router's loopback IP address rather than the interface
address.
Is there any way to do it?
thanks