
NAT

edgar-zapata
Level 1

I'm trying to implement NAT for privates: 192.168.91.4 and 192.168.91.43

Why is it that the command "show ip nat translations verbose | include 192.168.91.4" shows the following?

I include only a fragment:

RT_DST001#show ip nat translations verbose | include 192.168.91.4

tcp 195.53.168.62:1328 192.168.91.43:1328 194.224.26.196:443 194.224.26.196:443

tcp 195.53.168.62:1345 192.168.91.43:1345 194.224.26.196:443 194.224.26.196:443

tcp 195.53.168.62:1351 192.168.91.43:1351 194.224.26.196:443 194.224.26.196:443

tcp 195.53.168.62:1368 192.168.91.43:1368 194.224.26.196:443 194.224.26.196:443

tcp 195.53.168.62:1406 192.168.91.43:1406 194.224.26.196:443 194.224.26.196:443

tcp 195.53.168.62:2942 192.168.91.43:2942 12.6.196.117:443 12.6.196.117:443

tcp 195.53.168.62:1330 192.168.91.43:1330 207.46.106.196:1863 207.46.106.196:1863

tcp 195.53.168.62:1529 192.168.91.44:1529 193.110.128.55:80 193.110.128.55:80

tcp 195.53.168.62:2499 192.168.91.44:2499 193.109.81.33:3101 193.109.81.33:3101

tcp 195.53.168.62:2628 192.168.91.43:2628 194.224.26.196:443 194.224.26.196:443

tcp 195.53.168.61:443 192.168.91.4:443 --- ---

tcp 195.53.168.61:443 192.168.91.43:443 --- ---

tcp 195.53.168.62:2718 192.168.91.43:2718 194.224.26.196:443 194.224.26.196:443

tcp 195.53.168.62:2723 192.168.91.43:2723 194.224.26.196:443 194.224.26.196:443

tcp 195.53.168.62:2725 192.168.91.43:2725 194.224.26.196:443 194.224.26.196:443

tcp 195.53.168.62:2726 192.168.91.43:2726 194.224.26.196:443 194.224.26.196:443

tcp 195.53.168.62:3536 192.168.91.44:3536 66.102.11.104:80 66.102.11.104:80

4 Replies

jolmo
Level 4

Hi Edgar

This is usual behaviour in Cisco IOS when using the "... | include ..." command option. In this case, it shows lines including the "192.168.91.4" string. As you can see, lines with "192.168.91.43.." and "192.168.91.44.." include the string "192.168.91.4".

To get a result closer to what I think you want, please try:

show ip nat translations verbose | include 192.168.91.4:

(that is, with ":" at the end)

HTH

What I meant is I need to implement NAT so private IP 192.168.91.43:443 can travel as 195.53.168.61:443

To my understanding it is enough to go and:

ip nat inside source static tcp 192.168.91.43 443 195.53.168.61 443

which I have done already.

The thing is, after issuing that command, I issue "sh ip nat trans ver | incl 192.168.91.43" and the following stuff shows up:

tcp 195.53.168.61:443 192.168.91.4:443 --- ---

I don't know what the 2 ---s stand for.

Plus, the remote server I want to access says I am reaching them with 195.53.168.62 at their 194.224.26.196 443

The line below also shows up when I issue the

"show ip nat translations verbose | include 192.168.91.43" command.

tcp 195.53.168.62:2628 192.168.91.43:2628 194.224.26.196:443 194.224.26.196:443

Thank you guys!

Hi Edgar

Have you previously added any NAT statement and forgotten to remove it? I'd recommend doing a "clear ip nat translation *" to clear the NAT table and then trying to establish the connection. After this, please post the output from "show ip nat translations" and "show ip nat statistics".

HTH

The two --- lines on the show ip nat trans normally get replaced by outside local and outside global IP address values (the IPs of the device you are talking to) but I believe these values don't get filled with static NATs, only with dynamic NAT.

By looking at your translation output

"show ip nat translations verbose | include 192.168.91.43" command.

tcp 195.53.168.62:2628 192.168.91.43:2628 194.224.26.196:443 194.224.26.196:443

The reason your translation does not work is that it looks like your private IP 192.168.91.43 is not sourcing the TCP port as 443. It's sourcing with TCP port 2628, which could be a random port, or a fixed port that it always tries to use, depending on your application.

Your static NAT translation will ONLY work if the source IP and TCP information in the packet traversing the NAT interfaces matches the static NAT source information specified in your static NAT.

195.53.168.62 is probably your global PAT which is getting used because the Private IP is not using source port 443.

Daniel
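
An added example, not part of the thread and not Cisco tooling: Python that parses the translation rows quoted above, matches the inside local address exactly rather than by substring as "| include" does, and separates static entries (--- in both outside columns) from per-flow entries. The sample rows are copied from the posted output; all function names are hypothetical.

```python
import ipaddress
from collections import defaultdict, namedtuple

# Constructed sample: rows copied from the output quoted in this thread.
SAMPLE = """\
tcp 195.53.168.62:1328 192.168.91.43:1328 194.224.26.196:443 194.224.26.196:443
tcp 195.53.168.62:1529 192.168.91.44:1529 193.110.128.55:80 193.110.128.55:80
tcp 195.53.168.61:443 192.168.91.4:443 --- ---
tcp 195.53.168.61:443 192.168.91.43:443 --- ---
tcp 195.53.168.62:2628 192.168.91.43:2628 194.224.26.196:443 194.224.26.196:443
"""

# Column order: Pro, Inside global, Inside local, Outside local, Outside global.
Entry = namedtuple("Entry", "proto inside_global inside_local outside_local outside_global")


def _endpoint(text):
    """Split 'a.b.c.d:port' into (IPv4Address, port); '---' becomes None."""
    if text == "---":
        return None
    host, _, port = text.rpartition(":")
    return ipaddress.IPv4Address(host), int(port)


def parse(output):
    """Parse tcp/udp translation rows; other lines (verbose detail) are skipped."""
    rows = (line.split() for line in output.splitlines())
    return [Entry(c[0], *map(_endpoint, c[1:]))
            for c in rows if len(c) == 5 and c[0] in ("tcp", "udp")]


def for_host(entries, inside_local_ip):
    """Exact match on the inside local address, unlike a substring 'include'."""
    ip = ipaddress.IPv4Address(inside_local_ip)
    return [e for e in entries if e.inside_local and e.inside_local[0] == ip]


def is_static(entry):
    """Rows with '---' in both outside columns are the configured static entries."""
    return entry.outside_local is None and entry.outside_global is None


def shared_static_globals(entries):
    """Inside global endpoints claimed by more than one static entry."""
    owners = defaultdict(set)
    for e in filter(is_static, entries):
        owners[e.inside_global].add(e.inside_local)
    return {g: locs for g, locs in owners.items() if len(locs) > 1}
```

On the sample, for_host(parse(SAMPLE), "192.168.91.4") returns only the 192.168.91.4:443 row, and shared_static_globals reports that 195.53.168.61:443 appears in two static entries.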