ju.mahieu
Beginner

NAT: Difference between NAT and NAT* in debug ip nat messages?

Hello,

 

I have the following messages in my debug ip nat:
*Nov 16 14:22:21.711: NAT: s=10.39.226.100->10.233.1.3, d=10.233.90.100 [11047]
*Nov 16 14:22:22.075: NAT*: s=10.39.226.100->10.233.1.3, d=10.233.90.100 [11048]

 

Everything works fine, but I'm wondering what the difference is between:

- NAT not followed by a * --> NAT

- NAT followed by a * --> NAT*

 

Thank you for your comments,

 

Regards,

 

Ju

1 ACCEPTED SOLUTION

Peter Paluch
Hall of Fame Cisco Employee

Hello,

If I remember correctly, the messages marked with the asterisk (*) sign mean that the translation was already present in the NAT table and was simply used to translate further packets in the same flow, i.e. a cached translation entry was used to translate this packet. The messages without the * sign mean that a cached translation entry was not found in the NAT table and the router needed to create a new translation entry for this packet.

If anyone has additional or different info please share it with us!

Best regards,

Peter

EDIT: The IOS Command Reference guide located at http://www.cisco.com/en/US/docs/ios/debug/command/reference/db_i1.html#wp1151494 seems to confirm this, specifically:

Table 147     debug ip nat Field Descriptions

| Field | Description |
|---|---|
| NAT | Indicates that the packet is being translated by the NAT feature. An asterisk (*) indicates that the translation is occurring in the fast path. The first packet in a conversation always goes through the slow path (that is, it is process switched). The remaining packets go through the fast path if a cache entry exists. |
| s=192.168.1.95->172.31.233.209 | Source address of the packet and how it is being translated. |
| d=172.31.2.132 | Destination address of the packet. |
| [6825] | IP identification number of the packet. Might be useful in the debugging process to correlate with other packet traces from protocol analyzers. |

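As an added example (not part of the original posts and not Cisco code), the Python below parses debug ip nat lines in the format shown in this thread, labels each packet as slow path (NAT) or fast path (NAT*), and collects the IP identification numbers per flow so they can be matched against a packet capture. The sample lines are the two from the question plus two constructed ones; the function names and the handling of a translated destination (d=a->b) are assumptions of this example.

```python
import re
from collections import defaultdict

# Sample input: first two lines are from the question, last two are constructed.
SAMPLE = """\
*Nov 16 14:22:21.711: NAT: s=10.39.226.100->10.233.1.3, d=10.233.90.100 [11047]
*Nov 16 14:22:22.075: NAT*: s=10.39.226.100->10.233.1.3, d=10.233.90.100 [11048]
*Nov 16 14:22:22.101: NAT*: s=10.233.90.100, d=10.233.1.3->10.39.226.100 [5120]
*Nov 16 14:22:23.300: NAT: s=10.39.226.101->10.233.1.4, d=10.233.90.100 [302]
"""

# An address, optionally followed by "->translated address".
ADDR = r"(\d+\.\d+\.\d+\.\d+)(?:->(\d+\.\d+\.\d+\.\d+))?"
# Anchoring on "NAT" keeps the asterisk in front of the timestamp from
# being mistaken for the fast-path marker.
LINE = re.compile(r"NAT(\*?): s=" + ADDR + r", d=" + ADDR + r" \[(\d+)\]")

def parse_line(line):
    """Return the fields of one debug ip nat line, or None if it does not match."""
    m = LINE.search(line)
    if not m:
        return None
    star, src, src_xlate, dst, dst_xlate, ip_id = m.groups()
    return {
        "path": "fast" if star else "slow",  # NAT* = fast path, NAT = process switched
        "src": src, "src_xlate": src_xlate,
        "dst": dst, "dst_xlate": dst_xlate,
        "ip_id": int(ip_id),                 # IP identification field, for capture correlation
    }

def summarize(text):
    """Count slow-path and fast-path packets per flow and keep their IP IDs."""
    flows = defaultdict(lambda: {"slow": 0, "fast": 0, "ip_ids": []})
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # not a NAT translation line
        key = (rec["src"], rec["src_xlate"], rec["dst"], rec["dst_xlate"])
        flows[key][rec["path"]] += 1
        flows[key]["ip_ids"].append(rec["ip_id"])
    return dict(flows)

if __name__ == "__main__":
    for key, stats in summarize(SAMPLE).items():
        print(key, stats)
```

Each direction of a conversation appears under its own key, because the debug output records the addresses as seen on that packet.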

3 REPLIES

Thanks Peter for your answer. Very useful.

Bye,

Ju

Amazing, thanks! I had the same question.