
Why the ping reply fails when we have a PAT device in the path.

kamalgu
Cisco Employee

I have 3 routers connected as shown in the figure.

I have given a PAT command on R2.

 

ip nat pool pat 25.1.0.1 25.1.0.100 prefix-length 24

ip nat inside source list 2 pool pat overload

 

Standard IP access list 2
10 permit 1.1.1.0, wildcard bits 0.0.0.255

 

If I ping from R3 to R1, the return traffic gets PATed from R2 and R3 does not accept the ping reply.

But if I change it to NAT then the ping reply is accepted.

My first question is: In the case of NAT, I am pinging IP 1.1.1.1 from 3.3.3.3. The ping reply gets NATed from R2 with an IP 25.1.0.1 (i.e. an IP from the pool). Router R3 still accepts the ping. So does the router not have to check the source IP of the reply, as it should have expected the reply from 1.1.1.1?

 

The other thing is: in the case of PAT, why is it not working then?

I have referred to https://community.cisco.com/t5/switching/can-t-ping-from-outside-to-inside-nat/td-p/3201182 and understood that PAT will not work. But my question is: if NAT is working, why will PAT not?

4 Replies

Hello,

 

Post the full configurations of all three routers...

R1#show run
version 15.2
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Loopback1
ip address 1.1.1.2 255.255.255.255
!
interface Loopback2
ip address 1.1.1.3 255.255.255.255
!
interface Loopback3
ip address 1.1.1.4 255.255.255.255
!
interface Loopback4
ip address 1.1.1.45 255.255.255.255
!
interface GigabitEthernet1/0
ip address 12.0.0.1 255.255.255.0
negotiation auto
!
router ospf 1
network 0.0.0.0 255.255.255.255 area 0


R2#show run
version 15.2
!
interface GigabitEthernet1/0
ip address 12.0.0.2 255.255.255.0
ip nat inside
negotiation auto
!
interface GigabitEthernet2/0
ip address 23.0.0.2 255.255.255.0
ip nat outside
negotiation auto
!
router ospf 1
network 0.0.0.0 255.255.255.255 area 0
!
ip nat pool pat 25.1.0.1 25.1.0.100 prefix-length 24
ip nat inside source list 1 pool pat overload
!
access-list 1 permit 1.1.1.0 0.0.0.255

R3#show run
!
version 15.2
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface Loopback1
ip address 3.3.3.1 255.255.255.255
!
interface Loopback2
ip address 3.3.3.2 255.255.255.255
!
interface Loopback3
ip address 3.3.3.4 255.255.255.255
!
interface GigabitEthernet2/0
ip address 23.0.0.3 255.255.255.0
negotiation auto
!
router ospf 1
network 0.0.0.0 255.255.255.255 area 0
!
ip route 25.0.0.0 255.0.0.0 23.0.0.2
ip route 25.0.0.0 255.255.255.0 23.0.0.2
ip route 25.1.0.0 255.255.0.0 23.0.0.2
!
access-list 100 deny ip any 224.0.0.0 0.0.0.255
access-list 100 permit ip any any


Hello,

 

I have labbed your setup in GNS3. I assume this is the configuration where PING traffic works. What do you have configured when it does NOT work?

Hi,
This is a non-working setup. Kindly try to ping 1.1.1.1 from router R3. You will get the ping reply with source address PATed and the router R3 will not accept this reply.