From: Laurent on 17 Apr 2008 04:47

News Reader wrote:
> gateway. I was wanting to confirm that the host's default gateway was
> configured as 192.168.254.4, to ensure that packets were using the
> router on which your NAT and route-map were configured.

No, really. :)
On 192.168.254.110, there's a route to 172.20.2.0 with 192.168.254.4 as gateway. The default gateway is set to another router..

> Just one ping? Where is this trace taken from?

192.168.254.110 host.

> Why are you seeing multiple requests/replies with the "same IP addresses
> and same seq number"?

I don't know.. this is a windump trace (equivalent to tcpdump under linux)

I made a new trace with wireshark (still for just one ping, and from 192.168.254.110):

1 10:31:28.635270 192.168.254.110 172.20.2.75 ICMP Echo (ping) request
    Destination: Cisco_f2:65:d8 (00:30:80:f2:65:d8)
    Source: Intel_62:c1:2d (00:07:e9:62:c1:2d)
2 10:31:28.635330 192.168.254.110 172.20.2.75 ICMP Echo (ping) request
    Destination: Cisco_f2:65:d8 (00:30:80:f2:65:d8)
    Source: Intel_62:c1:2d (00:07:e9:62:c1:2d)
3 10:31:28.641375 10.200.210.240 172.20.2.75 ICMP Echo (ping) request
    Destination: Cisco_7f:b0:a6 (00:0c:85:7f:b0:a6)
    Source: Cisco_f2:65:d8 (00:30:80:f2:65:d8)
4 10:31:28.696839 172.20.2.75 10.200.210.240 ICMP Echo (ping) reply
    Destination: Cisco_f2:65:d8 (00:30:80:f2:65:d8)
    Source: Cisco_7f:b0:a6 (00:0c:85:7f:b0:a6)

00:30:80:f2:65:d8 is the 192.168.254.4 router
00:0c:85:7f:b0:a6 is the 192.168.254.6 router
00:07:e9:62:c1:2d is the 192.168.254.110 host

The whole capture can be read from http://lpopoz.free.fr/fichiers/ping172.20.2.txt

I don't understand why there are two identical echo requests at the beginning?
From: Laurent on 17 Apr 2008 05:03

Bod43(a)hotmail.co.uk wrote:
> or is it debug ip nat
>
> shows all of the packets. Quite handy.

I tried, but it didn't really give more interesting info.. thank you anyway.. :)
From: News Reader on 17 Apr 2008 12:24

Laurent wrote:
> News Reader wrote:
>
>> gateway. I was wanting to confirm that the host's default gateway was
>> configured as 192.168.254.4, to ensure that packets were using the
>> router on which your NAT and route-map were configured.
> No, really. :)
> On 192.168.254.110, there's a route to 172.20.2.0 with 192.168.254.4 as
> gateway. The default gateway is set to another router..

Yes, you stated this and it didn't sink in, sorry.

>> Just one ping? Where is this trace taken from?
> 192.168.254.110 host.
>
>> Why are you seeing multiple requests/replies with the "same IP
>> addresses and same seq number"?
> I don't know.. this is a windump trace (equivalent to tcpdump under linux)
>
> I made a new trace with wireshark (still for just one ping, and from
> 192.168.254.110):

If you wanted, you could create a file called "ethers" and place it in the Wireshark program directory so that packets in the trace identify the hosts at the MAC level.

File content, e.g.:

00:30:80:f2:65:d8 router-a
00:0c:85:7f:b0:a6 router-b
00:07:e9:62:c1:2d host-1

> 1 10:31:28.635270 192.168.254.110 172.20.2.75 ICMP Echo (ping) request
>     Destination: Cisco_f2:65:d8 (00:30:80:f2:65:d8)
>     Source: Intel_62:c1:2d (00:07:e9:62:c1:2d)
> 2 10:31:28.635330 192.168.254.110 172.20.2.75 ICMP Echo (ping) request
>     Destination: Cisco_f2:65:d8 (00:30:80:f2:65:d8)
>     Source: Intel_62:c1:2d (00:07:e9:62:c1:2d)
> 3 10:31:28.641375 10.200.210.240 172.20.2.75 ICMP Echo (ping) request
>     Destination: Cisco_7f:b0:a6 (00:0c:85:7f:b0:a6)
>     Source: Cisco_f2:65:d8 (00:30:80:f2:65:d8)
> 4 10:31:28.696839 172.20.2.75 10.200.210.240 ICMP Echo (ping) reply
>     Destination: Cisco_f2:65:d8 (00:30:80:f2:65:d8)
>     Source: Cisco_7f:b0:a6 (00:0c:85:7f:b0:a6)
>
> 00:30:80:f2:65:d8 is the 192.168.254.4 router
> 00:0c:85:7f:b0:a6 is the 192.168.254.6 router
> 00:07:e9:62:c1:2d is the 192.168.254.110 host
>

If that's the whole trace, then the packet is being dropped before or after NAT.

I took a look at the NAT Order of Operations document again as a refresher (NAT outside-to-inside, Policy Routing, Routing) and don't see an issue.

Your initial post stated "translation isn't working when the ip packets are coming back". Bod43's advice on using "debug ip nat" is good. You'd look for something like this:

Apr 17 12:03:25.019 EDT: NAT*: s=172.20.2.75, d=10.200.210.240->192.168.254.110 [IP packet ID]

.... to confirm NAT function on the return path.

If the router is quiet enough to tolerate it, you might try the following debug to see if you can draw any conclusions about the forwarding of the ping reply to the host:

router# debug ip packet detail

If you were using inspection you might benefit from:

ip inspect log drop-pkt
ip inspect audit-trail

.... although I don't know that they would convey "cause".

> The whole capture can be read from
> http://lpopoz.free.fr/fichiers/ping172.20.2.txt
>
> I don't understand why there are two identical echo requests at the beginning?

When you stated "just one ping" I took it literally (i.e.: following a single ping packet vs. multiple packets generated by a single ping command).

I have not used NAT on the same physical interface as you are here, and have not had to address this issue. I too would like to know the answer.

Best Regards,
News Reader
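The troubleshooting approach in the reply above (name each frame by its MAC-level hop, then follow the translated address to see where the reply stops) can be automated over the flattened Wireshark summary. This is an added example, not code from either poster; it embeds the four packets quoted in the thread as constructed input and assumes the same ethers mapping (router-a, router-b, host-1) that the reply suggests.

```python
import re
from collections import namedtuple

# Constructed input: the four packets quoted in the thread, one per line.
TRACE = """\
1 10:31:28.635270 192.168.254.110 172.20.2.75 ICMP Echo (ping) request Destination: Cisco_f2:65:d8 (00:30:80:f2:65:d8) Source: Intel_62:c1:2d (00:07:e9:62:c1:2d)
2 10:31:28.635330 192.168.254.110 172.20.2.75 ICMP Echo (ping) request Destination: Cisco_f2:65:d8 (00:30:80:f2:65:d8) Source: Intel_62:c1:2d (00:07:e9:62:c1:2d)
3 10:31:28.641375 10.200.210.240 172.20.2.75 ICMP Echo (ping) request Destination: Cisco_7f:b0:a6 (00:0c:85:7f:b0:a6) Source: Cisco_f2:65:d8 (00:30:80:f2:65:d8)
4 10:31:28.696839 172.20.2.75 10.200.210.240 ICMP Echo (ping) reply Destination: Cisco_f2:65:d8 (00:30:80:f2:65:d8) Source: Cisco_7f:b0:a6 (00:0c:85:7f:b0:a6)
"""
# MAC -> name, the same mapping as the "ethers" file idea (assumed names).
ETHERS = {"00:30:80:f2:65:d8": "router-a", "00:0c:85:7f:b0:a6": "router-b",
          "00:07:e9:62:c1:2d": "host-1"}

LINE = re.compile(r"^(\d+) (\S+) (\S+) (\S+) ICMP Echo \(ping\) (request|reply) "
                  r"Destination: \S+ \(([0-9a-f:]+)\) Source: \S+ \(([0-9a-f:]+)\)$")
Packet = namedtuple("Packet", "num ts src dst kind dst_mac src_mac")

def parse(trace):
    """Parse the flattened Wireshark summary lines into Packet tuples."""
    return [Packet(*LINE.match(l).groups()) for l in trace.splitlines() if l.strip()]

def hop_view(packets, ethers=ETHERS):
    """Label each frame by its L2 hop so pre-NAT and post-NAT copies stand out."""
    return ["%s: %s -> %s  %s -> %s %s" % (p.num, ethers.get(p.src_mac, p.src_mac),
            ethers.get(p.dst_mac, p.dst_mac), p.src, p.dst, p.kind) for p in packets]

def return_path(packets, inside_host, nat_mac):
    """Follow one inside host's ping through the NAT router and report where it stops."""
    # Requests leaving the NAT router with a rewritten source reveal the translated address.
    translated = {p.src for p in packets
                  if p.kind == "request" and p.src_mac == nat_mac and p.src != inside_host}
    reached_nat = any(p.kind == "reply" and p.dst in translated and p.dst_mac == nat_mac
                      for p in packets)
    delivered = any(p.kind == "reply" and p.dst == inside_host for p in packets)
    if delivered:
        verdict = "reply translated back and delivered"
    elif reached_nat:
        verdict = "reply reached NAT router but was never forwarded to the inside host"
    else:
        verdict = "reply never came back to the NAT router"
    return {"translated": sorted(translated), "reached_nat": reached_nat,
            "delivered": delivered, "verdict": verdict}

if __name__ == "__main__":
    pkts = parse(TRACE)
    print("\n".join(hop_view(pkts)))
    print(return_path(pkts, "192.168.254.110", "00:30:80:f2:65:d8"))
```

On the thread's trace the verdict is that the reply for 10.200.210.240 arrives at router-a but no un-translated reply to 192.168.254.110 ever appears, which is exactly the case the "debug ip nat" return-path line would confirm or rule out.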
From: Laurent on 22 Apr 2008 10:22

I stopped searching. :)
I resolved my problem using a linux box and iptables, instead of a cisco box ;)
I would have liked to know the answer, but I don't have enough time, so..
Thank you for your interest and patience :)