
Problem with SNAT UDP

ingredosi
Level 1

I've been trying to run CSS11500 07.40.2.02 one-armed DNAT+SNAT with RTP UDP 10000-30000.

I need to nat client ip addresses.

service serv1

ip add 90.1.1.1

protocol udp

active

------

owner

vip add 10.1.1.1

protocol udp

add serv serv1

active

-------

group

vip add 81.1.1.1

portmap disable

add destination service serv1

active

DNAT and SNAT are OK:

IP client > CSS: 10.x.x.x:10000 > VIP 10.1.1.1:20000

IP SNAT> internet: SNAT 81.1.11:10000 > 90.1.1.1:20000

but the response:

Internet> CSS: 90.1.1.1:20000 >81.1.1.1:10000

is dropped in CSS (verified)

Without "portmap disable", it works, but the source port of the client is natted...

I'd appreciate any suggestions about this problem.

Regards,

1 Reply

Gilles Dufour
Cisco Employee

The combination of 'portmap disable' and client-source-natting is not supported.

The reason is that if you disable portmapping, when 2 clients hit the vip with the same source port, the traffic is sent to the server with the same source ip and port. It is therefore not possible for the CSS to identify the client ip when the response from the server comes back.

So do not use one-armed mode or make the CSS the default gateway for the servers.

Regards,

Gilles.
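
The collision described in the reply above, as an added example that is not part of the original thread and is a generic model rather than the CSS's own logic: a toy source-NAT table that either preserves the client source port or maps it to a fresh one. The class and function names, the two client addresses and the port pool starting at 40000 are assumptions made for the illustration.

```python
from itertools import count


class SourceNat:
    """Toy source-NAT table (generic model, not the CSS implementation)."""

    def __init__(self, nat_ip, preserve_port):
        self.nat_ip = nat_ip
        self.preserve_port = preserve_port
        self._ports = count(40000)  # constructed start of the mapped-port pool
        self.forward = {}           # (client, server) -> NATed source port
        self.reverse = {}           # (nat_ip, nat_port, srv_ip, srv_port) -> clients

    def outbound(self, client, server):
        """Translate a client (ip, port) flow; return the NATed (ip, port)."""
        flow = (client, server)
        if flow not in self.forward:
            # Port preservation reuses the client's port; port mapping
            # hands every new flow its own port on the SNAT address.
            port = client[1] if self.preserve_port else next(self._ports)
            self.forward[flow] = port
            key = (self.nat_ip, port) + server
            self.reverse.setdefault(key, set()).add(client)
        return (self.nat_ip, self.forward[flow])

    def inbound(self, server, nat_dst):
        """Map a server reply back to one client; None if unknown or ambiguous."""
        owners = self.reverse.get(nat_dst + server, set())
        return next(iter(owners)) if len(owners) == 1 else None


def demo(preserve_port):
    """Send one flow from each of two clients, then resolve the replies."""
    nat = SourceNat("81.1.1.1", preserve_port)
    server = ("90.1.1.1", 20000)
    # Constructed clients that happen to use the same source port.
    clients = [("10.0.0.5", 10000), ("10.0.0.6", 10000)]
    sources = [nat.outbound(c, server) for c in clients]
    return [nat.inbound(server, s) for s in sources]


if __name__ == "__main__":
    print("port mapping enabled :", demo(preserve_port=False))
    print("port mapping disabled:", demo(preserve_port=True))
```

With mapping enabled each reply resolves to its own client; with ports preserved both flows share the tuple 81.1.1.1:10000 to 90.1.1.1:20000, so neither reply can be attributed.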
