Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2464
Views
0
Helpful
8
Replies

why does router change the destination port to 0 under NAT

slt20
Level 1
Level 1

‎12-07-2022 11:53 PM

I want to simulate NAT port address translation in cisco packet tracer. The key part of the topology is below. I configure the NAT translation on Router33 (in the red circles) as below: 

Router(config)# ip nat inside source static tcp 5.2.2.2 2222 4.2.2.2 80

Router#sh ip nat tr

Pro Inside global Inside local Outside local Outside global

tcp 4.2.2.2:80 5.2.2.2:2222 --- ---

However, when I send a http packet from 5.2.2.2 ("testS") with the source port 2222, I see in the simulation mode that Router33 does translate the source address 5.2.2.2:2222 to 4.2.2.2:80 (as expected), but it also changes the destination port from 80 to 0, which then fails the data request. Can anyone give me some help? I'm new at using cisco packet tracer and thanks very much.

slt20_0-1670485221129.png

 

Labels:
0 Helpful
8 Replies 8

balaji.bandi
Hall of Fame
Hall of Fame

‎12-08-2022 12:26 AM

as per the picture you have 4.1.1.X network

but the rule was configured 4.2.2.X is the correct network, 

still issue post complete show run from Router 33

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

paul driver
VIP
VIP

‎12-08-2022 01:07 AM

Hello
You need to make sure 4.2.2.2 is being advertised extenally so router 3 can route towards it because even though you are natting on 4.2.2.2 does Router3 know how to reach it?

Plus append the ADD-ROUTE to the static nat statement so the NAT router the is aware of it own NAT address of 4.2.2.2

ip nat inside source static tcp 5.2.2.2 2222 4.2.2.2 80 add-route


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

slt20
Level 1
Level 1
In response to paul driver

‎12-08-2022 04:02 AM

the whole topology is as follows:

slt20_0-1670500262311.png

The packet is from the middle-bottom-server 5.2.2.2 to left-bottom-server 2.2.2.2. The static routes on router33  (that connects 5.2.2.2) include to 2.2.2.0/24 and 4.2.2.0/24, as below:

slt20_1-1670500656612.png

 

When I only map 5.2.2.2 to 4.2.2.2, and ping 2.2.2.2, it succeeds. But when I map 5.2.2.2:2222 to 4.2.2.2:80, and try to connect 2.2.2.2:80, when the packet arrives at router33 from the source 5.2.2.2, router33 translates the source address 5.2.2.2:2222 to 4.2.2.2:80, but it also changes the destination 2.2.2.2:80 to 2.2.2.2:0, which is abnormal.

 

0 Helpful

paul driver
VIP
VIP
In response to slt20

‎12-08-2022 01:06 PM - edited ‎12-08-2022 01:06 PM

Hello

@slt20 wrote:
 The static routes on router33  (that connects 5.2.2.2) include to 2.2.2.0/24 and 4.2.2.0/24, as below:

I see you have a static nat statement on a router33 that uses a NAT inside global address pertaining to a subnet residing on another router?

4.2.2.0/x resides on router34 so any host from that subnet shouldn’t be advertised or used on another router but router33  in your static nat statement suggest this isi happening  unless all routers are natting


router 33
ip nat inside source static tcp 5.2.2.2 2222 4.2.2.2   

router 34
hosts in 4.2.2.x 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

slt20
Level 1
Level 1
In response to paul driver

‎12-08-2022 10:47 PM

Yes, this is a manipulated case where 5.2.2.2 wants to stand for 4.2.2.2 to communicate with the outside world. Here I suppose router33, router34 and router32 are in a same AS, and router33 and router32 are the border router. I configure the same NAT on both router33 and router32. 

0 Helpful

Martin L
VIP
VIP

‎12-08-2022 11:30 AM

PT is just a simulator of IOS, a software written to mimic behavior of real Cisco devices but not all functions and features are supported and those that are available may not behave the same way as real device.

You can attach your PT file here (must be in a zip format)

Regards, ML
**Please Rate All Helpful Responses **

0 Helpful

slt20
Level 1
Level 1
In response to Martin L

‎12-08-2022 10:49 PM

the PT file is attached here. Thank you very much!

test.zip
0 Helpful

paul driver
VIP
VIP
In response to slt20

‎12-09-2022 12:40 AM - edited ‎12-09-2022 12:41 AM

Hello
Looking at your PT file I think what you are trying to achieve it Stateful nat redundancy, but this topology doesn’t reflect your original post

As you have stated host 5.2.2.x resides on router 33 but you have the exact same static nat statement both router 32 & 33, However those two routers are not sharing any routing domain because you are performing static routing, plus all four routers do not have full visibility to each other, due to missing routes for each router transit path

Going forward you need to apply dynamic routing ( ospf/eigrp) and apply if PT support it stateful nat - here

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents