Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
346
Views
0
Helpful
2
Replies

PATed ip responds icmp from outside

Ignacio Freyre
Level 1
Level 1

‎06-22-2015 08:31 AM - edited ‎03-05-2019 01:43 AM

hi guys, so i ran into this thing with pat on a cisco router. 
i always thought that pat only allowed traffic inside to outside, but i found a scenario that when a pat translation
is generated by legitimate traffic, then the pated ip address starts responding ping from outside. 
the cisco router is the host responding to the icmp.

The PATed ip address is not assigned to the interface.
is this behavior normal? couldn't find any information on cisco regarding this.


see diagram and config attached

Labels:
Preview file
83 KB
0 Helpful
2 Replies 2

johnlloyd_13
Level 9
Level 9

‎06-22-2015 08:54 PM

hi,

i don't think is due to PAT/NAT that ping is working.

maybe it's just due to normal routing that the router does.

could you post configs, pings and debug ip nat detailed output?

0 Helpful

Ignacio Freyre
Level 1
Level 1
In response to johnlloyd_13

‎06-23-2015 06:41 AM

hi, please see attached file screenshot_2.jpg, its a reproduction of the config in gns3. 

The pc is nated to 192.168.1.2 which is a PAT, when that entry is crated in the nat table, that ip address starts responding to ping from outside, the router is the device responding to ping as seen in a capture in gns3.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card