11-11-2013 08:19 AM - edited 03-04-2019 09:32 PM
Hi all,
Due to some ongoing issues with dsl interface firmwares and the kit held in our ISP exchanges; we are havign to resort to substituting out the Cisco 877 ADSL atm interface and using a seperate router supplied by the ISP to make the initial connection.
I am struggling to get the 877 to do what I want it to now though; and have subsequently found it can only handle two VLANs.
So; my ISP provided router/modem connects to the net, anythign connected to it browses fine.
This is on subnet 192.168.1.0/24 and IP 192.168.1.254 is the router
I have a port on the 877 configured in this subnet, and in VLAN666 (so i can apply ip nat outisde)
This is on 192.168.1.139
Additionally I am using VLAN1 for corporate traffic on 172.30.59.0/24 subnet and if it could handle an additional VLAN I'd also be using 10.30.59.0/24 for voice, but that's a seperate issue (unless you have any helpful suggestions!)
The 877 can ping everything, unless I tell it to use source VLAN1.
Laptop connected to to VLAN1 can ping VLAN1, VLAN666 but not 192.168.1.254 or any internet based hosts.
ISP router can ping 192.168.1.139 on the 877 but no further.
This all stinks of NAT issues but I can't figure it out; config below:
ITTEST#show run
Building configuration...
Current configuration : 4282 bytes
!
! Last configuration change at 16:10:10 GMT Mon Nov 11 2013
! NVRAM config last updated at 16:10:14 GMT Mon Nov 11 2013
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname ITTEST
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 10240
logging console critical
enable secret
enable password
!
no aaa new-model
clock timezone GMT 0
clock summer-time BST recurring last Sun Mar 1:00 last Sun Oct 2:00
!
!
dot11 syslog
no ip source-route
ip dhcp excluded-address 172.30.59.1 172.30.59.100
!
ip dhcp pool dhcppool
import all
network 172.30.59.0 255.255.255.0
default-router 172.30.59.1
dns-server 172.30.59.1 172.20.0.120 172.20.0.121
domain-name gratte.com
update arp
!
!
ip cef
ip domain name gratte.com
ip name-server 192.168.1.254
ip name-server 172.20.0.120
ip name-server 172.20.0.121
!
!
!
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key <presharedkey> address xxx.xxx.xxx.xxx no-xauth
!
!
crypto ipsec transform-set 3DESSHA esp-3des esp-sha-hmac
!
crypto ipsec profile IPSEC-VPN
set transform-set 3DESSHA
!
!
archive
log config
hidekeys
!
!
!
!
!
interface Tunnel0
description --- IPSec Tunnel to KX ---
ip address 172.30.60.1 255.255.255.0
ip ospf mtu-ignore
load-interval 30
tunnel source Vlan1
tunnel destination xxx.xxx.xxx.xxx
tunnel mode ipsec ipv4
tunnel protection ipsec profile IPSEC-VPN
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface FastEthernet0
description DATA
spanning-tree portfast
!
interface FastEthernet1
description VOICE
switchport access vlan 100
switchport voice vlan 100
spanning-tree portfast
!
interface FastEthernet2
shutdown
!
interface FastEthernet3
switchport access vlan 666
no cdp enable
spanning-tree portfast
!
interface Vlan1
ip address 172.30.59.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Vlan2
no ip address
!
interface Vlan100
ip address 10.30.59.1 255.255.255.252
ip nat inside
ip virtual-reassembly
!
interface Vlan666
ip address 192.168.1.139 255.255.255.0
ip nat outside
ip virtual-reassembly
!
interface Dialer0
no ip address
!
ip default-gateway 192.168.1.254
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.1.254
ip route 10.20.0.0 255.255.0.0 Tunnel0
ip route 10.21.0.0 255.255.0.0 Tunnel0
ip route 64.156.192.220 255.255.255.255 Tunnel0
ip route 64.156.192.245 255.255.255.255 Tunnel0
ip route 74.50.50.16 255.255.255.255 Tunnel0
ip route 74.50.63.14 255.255.255.255 Tunnel0
ip route 172.16.0.0 255.240.0.0 Tunnel0
ip route 172.30.59.0 255.255.255.0 Vlan1
no ip http server
no ip http secure-server
!
ip dns server
ip nat source list 100 interface Vlan1 overload
!
access-list 100 permit ip 172.30.59.0 0.0.0.255 any
!
!
!
snmp-server community RO
snmp-server community RW
!
control-plane
!
!
line con 0
password
login
no modem enable
line aux 0
line vty 0 4
password
login
!
scheduler max-task-time 5000
ntp server 72.8.140.222
end
Ultimately I'll be using this for a VPN, but I can't even get internet traffic currently.
Any ideas?
Thanks,
11-11-2013 09:29 AM
Hi,
this line:
ip nat source list 100 interface Vlan1 overload
should be
ip nat source list 100 interface Vlan666 overload
You should also do NAT exemption for your VPN traffic by denying it first in this ACL
Also for voice vlan you can use switchport voice vlan command.
Regards
Alain
Don't forget to rate helpful posts.
11-11-2013 11:26 AM
That was my original config, but I could not figure it out and had read enough rubbish on the internet to try setting it otherwise.
Now this is interesting; I've been conducting my ping tests from the user defing the source by using the VLAN1 IP; 172.30.59.1, I've just tried it using the actual interface instead:
ITTEST#ping 8.8.8.8 source vlan 1
% Invalid source interface - IP not enabled or interface is down
VLAN1 is active and the interface assigned is up....
What could that be then?...
11-11-2013 11:47 AM
Hi,
sh ip int br | i Vlan
Regards
Alain
Don't forget to rate helpful posts.
11-11-2013 12:54 PM
Ok, it shows the protocol as being down for VLAN 1, might this be as my laptop is no longer connect to fastethernet 0 (the only interface configured for vlan 1 access)?
I'm at home now, (UK time coming up to 9pm) so i can't plug my laptop back in to see a change.
ITTEST#sh ip int br | i Vlan
Vlan1 172.30.59.1 YES NVRAM up down
Vlan2 unassigned YES unset up down
Vlan100 10.30.59.1 YES NVRAM up down
Vlan666 192.168.1.139 YES NVRAM up up
What can i do to change the protocol state?
11-11-2013 01:13 PM
additionally, I'm on the firmware that enables 2 vlans not 4, the vlan 100 and vlan 2 are not required in this set up (currently) I will need to get a third vlan in their but I can load a different firmware when this is complete and working to achieve that.
11-11-2013 01:26 PM
additionally, I'm on the firmware that enables 2 vlans not 4, the vlan 100 and vlan 2 are not required in this set up (currently) I will need to get a third vlan in their but I can load a different firmware when this is complete and working to achieve that.
870 routers, when loaded with IOS version 12.4, can only support 2 VLANs. If you want to load between 3 to 10 VLANs, you need to downgrade to IOS version 12.3.
Make sure you've created VLAN entries in the VLAN database.
11-11-2013 01:34 PM
Hi Leo,
From the sh ip int br | i Vlan command that Alain suggested I can see:
ITTEST#sh ip int br | i Vlan
Vlan1 172.30.59.1 YES NVRAM up down
Vlan2 unassigned YES unset administratively down down
Vlan100 10.30.59.1 YES NVRAM administratively down down
Vlan666 192.168.1.139 YES NVRAM up up
I no longer require vlan2 or vlan 100 in this config, but I am currently connected remotely. If I was on site with this device I would erase the vlan.dat, reload the device, and set the vlans up from scratch.
If I did that currently though, I would lose the connection I am currently using though VLAN 666.
Any suggestions on how to achieve this nicely? Or should I just bite the bullet and wait until I'm back on site?
Thanks,
11-11-2013 01:44 PM
ITTEST(vlan)#no vlan 100
VLAN 100 does not exist
ITTEST(vlan)#no vlan 2
VLAN 2 does not exist
ITTEST(vlan)#show
VLAN ISL Id: 1
Name: default
Media Type: Ethernet
VLAN 802.10 Id: 100001
State: Operational
MTU: 1500
Translational Bridged VLAN: 1002
Translational Bridged VLAN: 1003
VLAN ISL Id: 666
Name: VLAN0666
Media Type: Ethernet
VLAN 802.10 Id: 100666
State: Operational
MTU: 1500
VLAN ISL Id: 1002
Name: fddi-default
Media Type: FDDI
VLAN 802.10 Id: 101002
State: Operational
MTU: 1500
Bridge Type: SRB
Translational Bridged VLAN: 1
Translational Bridged VLAN: 1003
VLAN ISL Id: 1003
Name: token-ring-default
Media Type: Token Ring
VLAN 802.10 Id: 101003
State: Operational
MTU: 1500
Bridge Type: SRB
Ring Number: 0
Bridge Number: 1
Parent VLAN: 1005
Maximum ARE Hop Count: 7
Maximum STE Hop Count: 7
Backup CRF Mode: Disabled
Translational Bridged VLAN: 1
Translational Bridged VLAN: 1002
VLAN ISL Id: 1004
Name: fddinet-default
Media Type: FDDI Net
VLAN 802.10 Id: 101004
State: Operational
MTU: 1500
Bridge Type: SRB
Bridge Number: 1
STP Type: IBM
VLAN ISL Id: 1005
Name: trnet-default
Media Type: Token Ring Net
VLAN 802.10 Id: 101005
State: Operational
MTU: 1500
Bridge Type: SRB
Bridge Number: 1
STP Type: IBM
11-11-2013 02:03 PM
I no longer require vlan2 or vlan 100 in this config
So all you do is:
conf t
no interface VLAN 2
no interface VLAN 100
end
11-12-2013 12:15 AM
Hi,
if you got nothing connected to a port in vlan1 then the SVI line protocol will stay down and so you won't be able to source any IP traffic from it.
Regards
Alain
Don't forget to rate helpful posts.
11-12-2013 02:24 AM
Ok, so I'm back on site with the 877; I deleted the vlan.dat (as it still wouldn't let go of VLAN 100 and VLAN 2, relaoded, recreated.
I'm still at the same point:
ITTEST#show ip int br | i Vlan
Vlan1 172.30.59.1 YES manual up up
Vlan666 192.168.1.139 YES NVRAM up up (laptop now connected)
vlan 1 can ping vlan 666 but not the ISP router/modem beyond it on 192.168.1.254; config reads:
Current configuration : 4034 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname ITTEST
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 10240
logging console critical
enable secret
enable password
!
no aaa new-model
clock timezone GMT 0
clock summer-time BST recurring last Sun Mar 1:00 last Sun Oct 2:00
!
!
dot11 syslog
no ip source-route
ip dhcp excluded-address 172.30.59.1 172.30.59.100
!
ip dhcp pool dhcppool
import all
network 172.30.59.0 255.255.255.0
default-router 172.30.59.1
dns-server 172.30.59.1 172.20.0.120 172.20.0.121
domain-name gratte.com
update arp
!
!
ip cef
ip domain name gratte.com
ip name-server 192.168.1.254
ip name-server 172.20.0.120
ip name-server 172.20.0.121
!
!
!
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key
!
!
crypto ipsec transform-set 3DESSHA esp-3des esp-sha-hmac
!
crypto ipsec profile IPSEC-VPN
set transform-set 3DESSHA
!
!
archive
log config
hidekeys
!
!
!
!
!
interface Tunnel0
description --- IPSec Tunnel to KX ---
ip address 172.30.60.1 255.255.255.0
ip ospf mtu-ignore
load-interval 30
tunnel source Vlan1
tunnel destination xxx.xxx.xxx.xxx
tunnel mode ipsec ipv4
tunnel protection ipsec profile IPSEC-VPN
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface FastEthernet0
description DATA
spanning-tree portfast
!
interface FastEthernet1
description VOICE
switchport access vlan 100
switchport voice vlan 100
spanning-tree portfast
!
interface FastEthernet2
shutdown
!
interface FastEthernet3
switchport access vlan 666
no cdp enable
spanning-tree portfast
!
interface Vlan1
ip address 172.30.59.1 255.255.255.252
ip nat inside
ip virtual-reassembly
!
interface Vlan666
ip address 192.168.1.139 255.255.255.0
ip nat outside
ip virtual-reassembly
!
interface Dialer0
no ip address
!
ip default-gateway 192.168.1.254
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.1.254
ip route 10.20.0.0 255.255.0.0 Tunnel0
ip route 10.21.0.0 255.255.0.0 Tunnel0
ip route 64.156.192.220 255.255.255.255 Tunnel0
ip route 64.156.192.245 255.255.255.255 Tunnel0
ip route 74.50.50.16 255.255.255.255 Tunnel0
ip route 74.50.63.14 255.255.255.255 Tunnel0
ip route 172.16.0.0 255.240.0.0 Tunnel0
ip route 172.30.59.0 255.255.255.0 Vlan1
no ip http server
no ip http secure-server
!
ip dns server
ip nat source list 100 interface Vlan666 overload
!
access-list 100 permit ip 172.30.59.0 0.0.0.255 any
!
!
!
snmp-server community RO
snmp-server community RW
!
control-plane
!
!
line con 0
password
login
no modem enable
line aux 0
line vty 0 4
password
login
!
scheduler max-task-time 5000
ntp server 72.8.140.222
ntp server 172.20.0.120
ntp server 172.20.0.121
end
11-12-2013 02:26 AM
ITTEST#ping 192.168.1.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.254 (ISP router/modem), timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
ITTEST#ping 172.30.59.123
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.30.59.123 (my laptop on VLAN1), timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
ITTEST#ping 192.168.1.254 source vlan666
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.254 (ISP router/modem), timeout is 2 seconds:
Packet sent with a source address of 192.168.1.139
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
ITTEST#ping 192.168.1.254 source vlan1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.254 (ISP router/modem from VLAN1), timeout is 2 seconds:
Packet sent with a source address of 172.30.59.1
.....
Success rate is 0 percent (0/5)
11-12-2013 02:46 AM
Hi,
try the ping from the pc in vlan 1 and verify you have a nat translation with sh ip nat translation
if it ain't working then can you do this:
access-list 199 permit icmp any any
do debug ip nat 199
do debug ip pack 199
and post debug output while pinging from host in vlan 1
Regards
Alain
Don't forget to rate helpful posts.
11-12-2013 03:23 AM
Hi,
Debugging is my main weak point on Cisco routers...
It wouldn't let me set do debug ip nat 199, so i jsut did general do debug ip nat
do debug ip pack 199 went through fine
I try to ping 192.168.1.254 or anything on the net from the laptop, the router gives me no debugging information.
If I ping 172.30.59.1 or 192.168.1.139 (router VLAN1 and VLAN666 IPs) I get the below:
01:09:46: IP: s=172.30.59.123 (Vlan1), d=172.30.59.1, len 60, input feature, Virtual Fragment Reassembly(21), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:09:46: IP: s=172.30.59.123 (Vlan1), d=172.30.59.1, len 60, input feature, Virtual Fragment Reassembly After IPSec Decryption(32), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:09:46: IP: s=172.30.59.123 (Vlan1), d=172.30.59.1, len 60, input feature, MCI Check(64), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:09:46: IP: tableid=0, s=172.30.59.123 (Vlan1), d=172.30.59.1 (Vlan1), routed via RIB
01:09:46: IP: s=172.30.59.123 (Vlan1), d=172.30.59.1 (Vlan1), len 60, output feature, NAT Inside(7), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:09:46: IP: s=172.30.59.123 (Vlan1), d=172.30.59.1 (Vlan1), len 60, rcvd 3
01:09:46: IP: s=172.30.59.123 (Vlan1), d=172.30.59.1, len 60, stop process pak for forus packet
01:09:46: IP: s=172.30.59.1 (local), d=172.30.59.123, len 60, local feature, NAT(2), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:09:46: IP: s=172.30.59.1 (local), d=172.30.59.123 (Vlan1), len 60, sending
01:09:46: IP: s=172.30.59.1 (local), d=172.30.59.123 (Vlan1), len 60, output feature, NAT Inside(7), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:09:46: IP: s=172.30.59.1 (local), d=172.30.59.123 (Vlan1), len 60, sending full packet
01:09:47: IP: s=172.30.59.123 (Vlan1), d=172.30.59.1, len 60, input feature, Virtual Fragment Reassembly(21), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:09:47: IP: s=172.30.59.123 (Vlan1), d=172.30.59.1, len 60, input feature, Virtual Fragment Reassembly After IPSec Decryption(32), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:09:47: IP: s=172.30.59.123 (Vlan1), d=172.30.59.1, len 60, input feature, MCI Check(64), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:09:47: IP: tableid=0, s=172.30.59.123 (Vlan1), d=172.30.59.1 (Vlan1), routed via RIB
01:09:47: IP: s=172.30.59.123 (Vlan1), d=172.30.59.1 (Vlan1), len 60, output feature, NAT Inside(7), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:09:47: IP: s=172.30.59.123 (Vlan1), d=172.30.59.1 (Vlan1), len 60, rcvd 3
01:09:47: IP: s=172.30.59.123 (Vlan1), d=172.30.59.1, len 60, stop process pak for forus packet
01:09:47: IP: s=172.30.59.1 (local), d=172.30.59.123, len 60, local feature, NAT(2), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:09:47: IP: s=172.30.59.1 (local), d=172.30.59.123 (Vlan1), len 60, sending
01:09:47: IP: s=172.30.59.1 (local), d=172.30.59.123 (Vlan1), len 60, output feature, NAT Inside(7), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:09:47: IP: s=172.30.59.1 (local), d=172.30.59.123 (Vlan1), len 60, sending full packet
01:09:48: IP: s=172.30.59.123 (Vlan1), d=172.30.59.1, len 60, input feature, Virtual Fragment Reassembly(21), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:09:48: IP: s=172.30.59.123 (Vlan1), d=172.30.59.1, len 60, input feature, Virtual Fragment Reassembly After IPSec Decryption(32), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:09:48: IP: s=172.30.59.123 (Vlan1), d=172.30.59.1, len 60, input feature, MCI Check(64), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:09:48: IP: tableid=0, s=172.30.59.123 (Vlan1), d=172.30.59.1 (Vlan1), routed via RIB
01:09:48: IP: s=172.30.59.123 (Vlan1), d=172.30.59.1 (Vlan1), len 60, output feature, NAT Inside(7), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:09:48: IP: s=172.30.59.123 (Vlan1), d=172.30.59.1 (Vlan1), len 60, rcvd 3
01:09:48: IP: s=172.30.59.123 (Vlan1), d=172.30.59.1, len 60, stop process pak for forus packet
01:09:48: IP: s=172.30.59.1 (local), d=172.30.59.123, len 60, local feature, NAT(2), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:09:48: IP: s=172.30.59.1 (local), d=172.30.59.123 (Vlan1), len 60, sending
01:09:48: IP: s=172.30.59.1 (local), d=172.30.59.123 (Vlan1), len 60, output feature, NAT Inside(7), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:09:48: IP: s=172.30.59.1 (local), d=172.30.59.123 (Vlan1), len 60, sending full packet
01:09:49: IP: s=172.30.59.123 (Vlan1), d=172.30.59.1, len 60, input feature, Virtual Fragment Reassembly(21), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:09:49: IP: s=172.30.59.123 (Vlan1), d=172.30.59.1, len 60, input feature, Virtual Fragment Reassembly After IPSec Decryption(32), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:09:49: IP: s=172.30.59.123 (Vlan1), d=172.30.59.1, len 60, input feature, MCI Check(64), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:09:49: IP: tableid=0, s=172.30.59.123 (Vlan1), d=172.30.59.1 (Vlan1), routed via RIB
01:09:49: IP: s=172.30.59.123 (Vlan1), d=172.30.59.1 (Vlan1), len 60, output feature, NAT Inside(7), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:09:49: IP: s=172.30.59.123 (Vlan1), d=172.30.59.1 (Vlan1), len 60, rcvd 3
01:09:49: IP: s=172.30.59.123 (Vlan1),
ITTEST(config)#d=172.30.59.1, len 60, stop process pak for forus packet
01:09:49: IP: s=172.30.59.1 (local), d=172.30.59.123, len 60, local feature, NAT(2), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:09:49: IP: s=172.30.59.1 (local), d=172.30.59.123 (Vlan1), len 60, sending
01:09:49: IP: s=172.30.59.1 (local), d=172.30.59.123 (Vlan1), len 60, output feature, NAT Inside(7), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:09:49: IP: s=172.30.59.1 (local), d=172.30.59.123 (Vlan1), len 60, sending full packet
ITTEST(config)#
ITTEST(config)#
ITTEST(config)#
ITTEST(config)#
01:10:01: IP: s=172.30.59.123 (Vlan1), d=192.168.1.139, len 60, input feature, Virtual Fragment Reassembly(21), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:10:01: IP: s=172.30.59.123 (Vlan1), d=192.168.1.139, len 60, input feature, Virtual Fragment Reassembly After IPSec Decryption(32), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:10:01: IP: s=172.30.59.123 (Vlan1), d=192.168.1.139, len 60, input feature, MCI Check(64), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:10:01: IP: tableid=0, s=172.30.59.123 (Vlan1), d=192.168.1.139 (Vlan666), routed via RIB
01:10:01: IP: s=172.30.59.123 (Vlan1), d=192.168.1.139 (Vlan666), len 60, output feature, Post-routing NAT Outside(17), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:10:01: IP: s=172.30.59.123 (Vlan1), d=192.168.1.139, len 60, rcvd 4
01:10:01: IP: s=172.30.59.123 (Vlan1), d=192.168.1.139, len 60, stop process pak for forus packet
01:10:01: IP: s=192.168.1.139 (local), d=172.30.59.123, len 60, local feature, NAT(2), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:10:01: IP: s=192.168.1.139 (local), d=172.30.59.123 (Vlan1), len 60, sending
01:10:01: IP: s=192.168.1.139 (local), d=172.30.59.123 (Vlan1), len 60, output feature, NAT Inside(7), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:10:01: IP: s=192.168.1.139 (local), d=172.30.59.123 (Vlan1), len 60, sending full packet
01:10:02: IP: s=172.30.59.123 (Vlan1), d=192.168.1.139, len 60, input feature, Virtual Fragment Reassembly(21), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:10:02: IP: s=172.30.59.123 (Vlan1), d=192.168.1.139, len 60, input feature, Virtual Fragment Reassembly After IPSec Decryption(32), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:10:02: IP: s=172.30.59.123 (Vlan1), d=192.168.1.139, len 60, input feature, MCI Check(64), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:10:02: IP: tableid=0, s=172.30.59.123 (Vlan1), d=192.168.1.139 (Vlan666), routed via RIB
01:10:02: IP: s=172.30.59.123 (Vlan1), d=192.168.1.139 (Vlan666), len 60, output feature, Post-routing NAT Outside(17), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:10:02: IP: s=172.30.59.123 (Vlan1), d=192.168.1.139, len 60, rcvd 4
01:10:02: IP: s=172.30.59.123 (Vlan1), d=192.168.1.139, len 60, stop process pak for forus packet
01:10:02: IP: s=192.168.1.139 (local), d=172.30.59.123, len 60, local feature, NAT(2), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:10:02: IP: s=192.168.1.139 (local), d=172.30.59.123 (Vlan1), len 60, sending
01:10:02: IP: s=192.168.1.139 (local), d=172.30.59.123 (Vlan1), len 60, output feature, NAT Inside(7), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:10:02: IP: s=192.168.1.139 (local), d=172.30.59.123 (Vlan1), len 60, sending full packet
01:10:03: IP: s=172.30.59.123 (Vlan1), d=192.168.1.139, len 60, input feature, Virtual Fragment Reassembly(21), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:10:03: IP: s=172.30.59.123 (Vlan1), d=192.168.1.139, len 60, input feature, Virtual Fragment Reassembly After IPSec Decryption(32), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:10:03: IP: s=172.30.59.123 (Vlan1), d=192.168.1.139, len 60, input feature, MCI Check(64), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:10:03: IP: tableid=0, s=172.30.59.123 (Vlan1), d=192.168.1.139 (Vlan666), routed via RIB
01:10:03: IP: s=172.30.59.123 (Vlan1), d=192.168.1.139 (Vlan666), len 60, output feature, Post-routing NAT Outside(17), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:10:03: IP: s=172.30.59.123 (Vlan1), d=192.168.1.139, len 60, rcvd 4
01:10:03: IP: s=172.30.59.123 (Vlan1), d=192.168.1.139, len 60, stop process pak for forus packet
01:10:03: IP: s=192.168.1.139 (local), d=172.30.59.123, len 60, local feature, NAT(2), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:10:03: IP: s=192.168.1.139 (local), d=172.30.59.123 (Vlan1), len 60, sending
01:10:03: IP: s=192.168.1.139 (local), d=172.30.59.123 (Vlan1), len 60, output feature, NAT Inside(7), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:10:03: IP: s=192.168.1.139 (local), d=172.30.59.123 (Vlan1), len 60, sending full packet
01:10:04: IP: s=172.30.59.123 (Vlan1), d=192.168.1.139, len 60, input feature, Virtual Fragment Reassembly(21), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:10:04: IP: s=172.30.59.123 (Vlan1), d=192.168.1.139, len 60, input feature, Virtual Fragment Reassembly After IPSec Decryption(32), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:10:04: IP: s=172.30.59.123 (Vlan1), d=192.168.1.139, len 60, input feature, MCI Check(64), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:10:04: IP: tableid=0, s=172.30.59.123 (Vlan1), d=192.168.1.139 (Vlan666), routed via RIB
01:10:04: IP: s=172.30.59.123 (Vlan1), d=192.168.1.139 (Vlan666), len 60, output feature, Post-routing NAT Outside(17), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:10:04: IP: s=172.30.59.123 (Vlan1), d=192.168.1.139, len 60, rcvd 4
01:10:04: IP: s=172.30.59.123 (Vlan1), d=192.168.1.139, len 60, stop process pak for forus packet
01:10:04: IP: s=192.168.1.139 (local), d=172.30.59.123, len 60, local feature, NAT(2), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:10:04: IP: s=192.168.1.139 (local), d=172.30.59.123 (Vlan1), len 60, sending
01:10:04: IP: s=192.168.1.139 (local), d=172.30.59.123 (Vlan1), len 60, output feature, NAT Inside(7), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
01:10:04: IP: s=192.168.1.139 (local), d=172.30.59.123 (Vlan1), len 60, sending full packet
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide