RE: Change Source of ICMP Unreachable

From: Szarmach, Douglas (Douglas.Szarmach@cmegroup.com)
Date: Thu Aug 16 2007 - 17:39:23 ART

• Next message: Bajo: "Re: AutoRP filter-list"
• Previous message: Narbik Kocharians: "Re: got to love cisco"
• Maybe in reply to: Szarmach, Douglas: "Change Source of ICMP Unreachable"
• Next in thread: Bit Gossip: "Re: Change Source of ICMP Unreachable"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I found the following solution from an archive message...but testing it
on a 3560 --> 3825 --> 3560 is resulting in no change to source, even
though packets are showing matches on the 'local policy'. No NAT
translations ever get made.

interface Loopback0
 ip address 150.1.3.3 255.255.255.0
 ip nat outside
!
interface Loopback1
 ip address 3.3.3.3 255.255.255.255
 ip nat inside
 ip policy route-map POL1
!
ip local policy route-map POL
ip nat inside source list 101 interface Loopback0 overload
!
access-list 101 permit icmp any any port-unreachable
access-list 101 permit icmp any any time-exceeded
!
route-map POL permit 10
 match ip address 101
 set interface Loopback1
!
route-map POL1 permit 10
 set interface Loopback0

Rack1R1#show ip local pol
Local policy routing is enabled, using route map POL
route-map POL, permit, sequence 10
  Match clauses:
    ip address (access-lists): 101
  Set clauses:
    interface Loopback1
  Policy routing matches: 9 packets, 564 bytes
Rack1R1#

Rack1R1#show ip nat trans

Rack1R1#

Douglas Szarmach
Senior Network Engineer
+1 312 648 3797

CME Group
A CME/Chicago Board of Trade Company
20 South Wacker Drive
Chicago, Illinois 60606
cmegroup.com

-----Original Message-----
From: Joseph Brunner [mailto:joe@affirmedsystems.com]
Sent: Thursday, August 16, 2007 2:30 PM
To: Szarmach, Douglas; 'Cisco certification'
Subject: RE: Change Source of ICMP Unreachable

Actually its both...

Get the VOL II 4.1 workbook, something similar is in there...

Traceroute responses must come back from a certain loopback...

-Joe

Senior CCNA

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Szarmach, Douglas
Sent: Thursday, August 16, 2007 2:55 PM
To: Cisco certification
Subject: Change Source of ICMP Unreachable

In the IE "Lab Strategy" classroom Brian mentions something about
changing the source of all ICMP unreachables. Can someone explain how
to do this?

Is there an easy command or is it a crazy 'ip local-policy' and NAT
solution to do so?

Douglas Szarmach
Senior Network Engineer
+1 312 648 3797

CME Group
A CME/Chicago Board of Trade Company
20 South Wacker Drive
Chicago, Illinois 60606
cmegroup.com

• Next message: Bajo: "Re: AutoRP filter-list"
• Previous message: Narbik Kocharians: "Re: got to love cisco"
• Maybe in reply to: Szarmach, Douglas: "Change Source of ICMP Unreachable"
• Next in thread: Bit Gossip: "Re: Change Source of ICMP Unreachable"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Sep 01 2007 - 11:32:11 ART