03-01-2015 03:17 PM - edited 03-05-2019 12:54 AM
Dear All
I have a question about NAT. What rule does NAT allocate IP addresses based on? For example, a router NAT allocates IP address 1.1.1.1/24. PC1 will get 1.1.1.1, PC2 will get 1.1.1.2, and PC3 will get 1.1.1.3. If the three PCs shut down and then PC3 restarts first, do you think PC3 will get 1.1.1.1 instead of 1.1.1.3? Thank you
Frank
03-01-2015 03:49 PM
Hi Frank,
With NAT, dynamic translation entries are created on a first-come-first-served basis, with the IP addresses assigned from the pool in increasing order.
Your PCs do not need to restart; in fact, their restart has no bearing on the IP addresses they will be NATted behind. Rather, the router will always first check if the internal source address already has a translation entry recorded in the NAT table. If it has, it will be used. If it does not have a translation entry created yet, the router will allocate the first unused IP address from the relevant pool and will use it to NAT the internal address. As a result, it is sufficient for your three PCs to be silent for a period of time (a couple of minutes at most) to cause the dynamic NAT entries on the router to expire, and when they try to access the internet afterwards, their addresses as seen from outside may be different.
Best regards,
Peter
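Added example (not part of the original thread, and not Cisco's implementation): a simplified Python model of the lookup-then-allocate behaviour described in the reply above, showing why an outside address cannot be attributed to an inside host without the translation table and a timestamp. The class name, the host labels, the three-address pool and the 120-second idle timeout are constructed assumptions.

```python
import ipaddress


class DynamicNatPool:
    """Toy model: reuse an existing entry, else take the first unused pool address."""

    def __init__(self, first, last, idle_timeout):
        lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
        self.pool = [ipaddress.IPv4Address(i) for i in range(lo, hi + 1)]
        self.idle_timeout = idle_timeout  # seconds; constructed value, not a device default
        self.table = {}                   # inside local -> (inside global, last seen)

    def _expire(self, now):
        # Drop entries that have been idle for at least idle_timeout seconds.
        for local, (_, seen) in list(self.table.items()):
            if now - seen >= self.idle_timeout:
                del self.table[local]

    def translate(self, inside_local, now):
        self._expire(now)
        if inside_local in self.table:
            glob, _ = self.table[inside_local]        # existing entry wins
        else:
            in_use = {g for g, _ in self.table.values()}
            glob = next((a for a in self.pool if a not in in_use), None)
            if glob is None:
                raise RuntimeError("NAT pool exhausted")
        self.table[inside_local] = (glob, now)        # refresh the idle timer
        return str(glob)


def demo():
    # Constructed traffic: (time in seconds, inside host that sends a packet).
    nat = DynamicNatPool("1.1.1.1", "1.1.1.3", idle_timeout=120)
    events = [(0, "PC1"), (1, "PC2"), (2, "PC3"), (60, "PC3"), (300, "PC3"), (301, "PC1")]
    return [(t, host, nat.translate(host, t)) for t, host in events]


if __name__ == "__main__":
    for t, host, outside in demo():
        print(f"t={t:>3}s  {host} -> {outside}")
```

In this model 1.1.1.1 belongs to PC1 at t=0 and to PC3 at t=300, so matching an outside address from a log to an inside host requires the translation record for that exact time.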
03-01-2015 05:59 PM
Hi Peter
Thank you for your reply. You are right, but when I tested it (using the link containing the topology, http://www.informit.com/library/content.aspx?b=CCIE_Practical_Studies_II&seqNum=105 ), it seems that the NAT allocates IP addresses starting at 191.19.42.6 instead of 191.19.42.3 most of the time, even though I run clear ip nat translation *. The NAT config and results are below.
Cloudy#sh run | s nat
ip nat outside
ip nat outside
ip nat inside
ip nat pool public 191.19.42.3 191.19.42.254 prefix-length 24
ip nat inside source list 8 pool public
Cloudy#
The second question is: what is the difference between the two lines below highlighted in red?
Cloudy#sh ip nat tr
Pro Inside global Inside local Outside local Outside global
--- 191.19.42.6 10.50.50.2 --- ---
icmp 191.19.42.7:8 10.50.50.3:8 30.0.0.1:8 30.0.0.1:8
--- 191.19.42.7 10.50.50.3 --- ---
Cloudy#
*Mar 1 12:10:26.448: NAT: expiring 191.19.42.7 (10.50.50.3) icmp 8 (8)
Cloudy#
Cloudy#
Cloudy#sh ip nat tr
Pro Inside global Inside local Outside local Outside global
--- 191.19.42.6 10.50.50.2 --- ---
--- 191.19.42.7 10.50.50.3 --- ---
Cloudy#
http://www.informit.com/library/content.aspx?b=CCIE_Practical_Studies_II&seqNum=105