Friday, February 10, 2006

 

NAT Translation entry. (Question #9)

After pinging through a box doing NAT, one might see a NAT entry like the following. The protocol is "icmp" as one expects but there is also a number after the colon in the IP addresses listed in the inside/outside global/local addresses. In the case of UDP or TCP the number after the colon would the port number involved. What does that number signify for the ICMP case?


R3#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 172.16.1.5:8 10.1.1.1:8 155.55.55.55:8 155.55.55.55:8


 

Trouble with NAT and OSPF (Question #8)

Consider the following configuration on a router doing NAT. It turns out that devices on the inside are unable to ping devices on the outside because the outside devices don't have a route back to the translated source address of 172.16.1.X. Why is that the case when clearly the 172.16.1.0 network is being advertised by OSPF? How can this be fixed?


interface Loopback0
ip address 172.16.1.1 255.255.255.0
!
interface Ethernet0/0
ip address 10.1.1.2 255.255.255.0
ip nat inside
ip virtual-reassembly
no keepalive
!
interface Serial2/0
ip address 171.69.1.1 255.255.255.0
ip nat outside
ip virtual-reassembly
no keepalive
serial restart-delay 0
!
router eigrp 100
network 10.0.0.0
no auto-summary
!
router ospf 10
log-adjacency-changes
redistribute static subnets
network 171.69.1.0 0.0.0.255 area 0
network 172.16.1.0 0.0.0.255 area 0
!
ip nat pool NATPOOL 172.16.1.2 172.16.1.15 prefix-length 24
ip nat inside source list 1 pool NATPOOL
!
access-list 1 permit 10.0.0.0 0.255.255.255


This page is powered by Blogger. Isn't yours?