Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
463
Views
5
Helpful
1
Replies

Problem with SNAT UDP

ingredosi
Level 1
Level 1

‎10-26-2005 10:54 AM

I,ve been trying to run CSS11500 07.40.2.02 one-armed DNAT+SNAT with RTP udp 10000-30000.

I need to nat client ip addresses.

service serv1

ip add 90.1.1.1

protocol udp

active

------

owner

vip add 10.1.1.1

protocol udp

add serv serv1

active

-------

group

vip add 81.1.1.1

portmap disable

add destination service serv1

active

DNAT and SNAT is OK:

IP client > CSS: 10.x.x.x:10000 > VIP 10.1.1.1:20000

IP SNAT> internet: SNAT 81.1.11:10000 > 90.1.1.1:20000

but the response:

Internet> CSS: 90.1.1.1:20000 >81.1.1.1:10000

is dropped in CSS (verified)

whithout "portmap disable", works, but the source port of client is natted...

I´d appreciate any suggestions about this problem.

Regards,

Labels:
0 Helpful
1 Reply 1

Gilles Dufour
Cisco Employee
Cisco Employee

‎10-27-2005 03:34 AM

The combination of 'portmap disable' and client-source-nating is not supported.

The reason is that if you disable portmapping, when 2 clients hit the vip with the same source port, the traffic is sent to the server with the same source ip and port. It is therefore not possible for the CSS to identify the client ip when the response from the server comes back.

So do not use one-armed mode or make the CSS the default gateway for the servers.

Regards,

Gilles.

Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card