09-24-2012 12:44 AM - edited 03-07-2019 09:03 AM
Hi,
I've done a test in this scenario R1-------R2(NAT)--------R3 pinging R1's loopback (192.168.0.1) from R3's loopback (192.168.0.3)
R2#
ip nat outside source static 192.168.0.3 10.10.0.10
R2#deb ip nat det
IP NAT detailed debugging is on
R2#
*Mar 1 01:23:24.883: NAT: Processing out-2-in packet in after_routing2
*Mar 1 01:23:24.887: NAT: s=192.168.0.3->10.10.0.10, d=192.168.0.1 [28]
R2#
R2#
R2#
R2#
*Mar 1 01:23:26.907: NAT*: o: icmp (192.168.0.3, 11) -> (192.168.0.1, 11) [29]
*Mar 1 01:23:26.911: NAT*: s=192.168.0.3->10.10.0.10, d=192.168.0.1 [29]
R2#
R2#
R2#sh ip nat trans
Pro Inside global Inside local Outside local Outside global
--- --- --- 10.10.0.10 192.168.0.3
icmp 192.168.0.1:11 192.168.0.1:11 10.10.0.10:11 192.168.0.3:11
R2#
As you can see, the (icmp) NAT entry ends with :11 while the NAT debugging lines have [28] and [29] at the end.
What is the meaning of these different values?
Thanks.
09-25-2012 04:47 AM
Any idea ?
09-25-2012 07:45 AM
Hi Carlo,
The indication 11, 28, 29 refers to the packet reference value. Say your 1st ping will get you 1... then further ping results will give you 2,3,4,5.... and so on... So you are referring to the 11th packet transmitted when you gave sh ip nat trans... But your debug shows the current packet transmitted... So if you check sh ip nat trans after initiating the requests in parallel it will show the correct one. Do clear ip nat trans * and then try this... it should show the correct values....
Router#
NAT: s=192.168.1.10->10.0.0.1, d=10.0.0.1 [13]
NAT: s=192.168.1.10->10.0.0.1, d=10.0.0.1 [14]sh ip nat
Router#sh ip nat tr
Router#sh ip nat translations
NAT: s=192.168.1.10->10.0.0.1, d=10.0.0.1 [15]
Pro Inside global Inside local Outside local Outside global
icmp 10.0.0.1:13 192.168.1.10:13 10.0.0.1:13 10.0.0.1:13
icmp 10.0.0.1:14 192.168.1.10:14 10.0.0.1:14 10.0.0.1:14
icmp 10.0.0.1:15 192.168.1.10:15 10.0.0.1:15 10.0.0.1:15
--- 10.0.0.1 192.168.1.10 --- ---
--- 10.0.0.2 192.168.1.20 --- ---
Router#
NAT: s=192.168.1.10->10.0.0.1, d=10.0.0.1 [16]
Please do rate if the given information helps.
By
Karthik
09-25-2012 08:49 AM
Doing some tests I've reached this conclusion....
It seems the id shown at the end of the NAT entry (11 in my previous post) is the identifier of the ICMP packets belonging to the same ping train (same ICMP identifier for all of the ping's packets), whereas the value shown in the NAT debug lines is the identifier carried by the IP packet header for each of the ping's packets (incremented 1 by 1).
Here, for example, the ping packets' ICMP identifier is 1 for each of the 5 packets (ping default):
R2#
*Mar 1 00:05:13.019: NAT: i: icmp (192.168.0.1, 1) -> (192.168.0.3, 1) [5]
*Mar 1 00:05:13.023: NAT: s=192.168.0.1->10.10.2.10, d=192.168.0.3 [5]
*Mar 1 00:05:13.135: NAT*: o: icmp (192.168.0.3, 1) -> (10.10.2.10, 1) [5]
*Mar 1 00:05:13.135: NAT*: s=192.168.0.3, d=10.10.2.10->192.168.0.1 [5]
*Mar 1 00:05:13.239: NAT: i: icmp (192.168.0.1, 1) -> (192.168.0.3, 1) [6]
*Mar 1 00:05:13.239: NAT: s=192.168.0.1->10.10.2.10, d=192.168.0.3 [6]
*Mar 1 00:05:13.243: NAT*: o: icmp (192.168.0.3, 1) -> (10.10.2.10, 1) [6]
*Mar 1 00:05:13.247: NAT*: s=192.168.0.3, d=10.10.2.10->192.168.0.1 [6]
R2#
*Mar 1 00:05:13.267: NAT: i: icmp (192.168.0.1, 1) -> (192.168.0.3, 1) [7]
*Mar 1 00:05:13.267: NAT: s=192.168.0.1->10.10.2.10, d=192.168.0.3 [7]
*Mar 1 00:05:13.279: NAT*: o: icmp (192.168.0.3, 1) -> (10.10.2.10, 1) [7]
*Mar 1 00:05:13.279: NAT*: s=192.168.0.3, d=10.10.2.10->192.168.0.1 [7]
*Mar 1 00:05:13.335: NAT: i: icmp (192.168.0.1, 1) -> (192.168.0.3, 1) [8]
*Mar 1 00:05:13.335: NAT: s=192.168.0.1->10.10.2.10, d=192.168.0.3 [8]
*Mar 1 00:05:13.391: NAT*: o: icmp (192.168.0.3, 1) -> (10.10.2.10, 1) [8]
*Mar 1 00:05:13.391: NAT*: s=192.168.0.3, d=10.10.2.10->192.168.0.1 [8]
R2#
*Mar 1 00:05:13.415: NAT: i: icmp (192.168.0.1, 1) -> (192.168.0.3, 1) [9]
*Mar 1 00:05:13.419: NAT: s=192.168.0.1->10.10.2.10, d=192.168.0.3 [9]
*Mar 1 00:05:13.427: NAT*: o: icmp (192.168.0.3, 1) -> (10.10.2.10, 1) [9]
*Mar 1 00:05:13.427: NAT*: s=192.168.0.3, d=10.10.2.10->192.168.0.1 [9]
Do you agree with me ? Thanks.
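Added example, not part of the original thread: a short Python parser for `debug ip nat detailed` lines in the format shown in the last post. It groups the bracketed value by the ICMP identifier so the two counters can be compared side by side. The sample lines are constructed (the final one, with identifier 2, stands in for a second ping train), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the debug output above.
SAMPLE = """\
*Mar 1 00:05:13.019: NAT: i: icmp (192.168.0.1, 1) -> (192.168.0.3, 1) [5]
*Mar 1 00:05:13.023: NAT: s=192.168.0.1->10.10.2.10, d=192.168.0.3 [5]
*Mar 1 00:05:13.135: NAT*: o: icmp (192.168.0.3, 1) -> (10.10.2.10, 1) [5]
*Mar 1 00:05:13.135: NAT*: s=192.168.0.3, d=10.10.2.10->192.168.0.1 [5]
*Mar 1 00:05:13.239: NAT: i: icmp (192.168.0.1, 1) -> (192.168.0.3, 1) [6]
*Mar 1 00:05:13.239: NAT: s=192.168.0.1->10.10.2.10, d=192.168.0.3 [6]
R2#
*Mar 1 00:05:14.100: NAT: i: icmp (192.168.0.1, 2) -> (192.168.0.3, 2) [10]
"""

# "i:/o: icmp (src, id) -> (dst, id) [n]" lines: flow description.
FLOW = re.compile(r"NAT\*?: (?P<dir>[io]): icmp \((?P<src>[\d.]+), (?P<sid>\d+)\) -> "
                  r"\((?P<dst>[\d.]+), (?P<did>\d+)\) \[(?P<tag>\d+)\]")
# "s=..., d=... [n]" lines: the address rewrite, marked with "->".
XLATE = re.compile(r"NAT\*?: s=(?P<s>[\d.>-]+), d=(?P<d>[\d.>-]+) \[(?P<tag>\d+)\]")

def parse(text):
    """Split debug text into flow tuples and rewrite tuples; skip prompts."""
    flows, rewrites = [], []
    for line in text.splitlines():
        m = FLOW.search(line)
        if m:
            flows.append((m["dir"], m["src"], int(m["sid"]), m["dst"], int(m["tag"])))
            continue
        m = XLATE.search(line)
        if m:
            rewrites.append((m["s"], m["d"], int(m["tag"])))
    return flows, rewrites

def tags_by_icmp_id(flows):
    """Map each ICMP identifier to the sorted bracket values seen with it."""
    out = defaultdict(set)
    for _dir, _src, icmp_id, _dst, tag in flows:
        out[icmp_id].add(tag)
    return {k: sorted(v) for k, v in out.items()}

def rewritten_fields(rewrites):
    """For each rewrite line, report whether s= or d= carries the '->'."""
    return [("s" if "->" in s else "d", tag) for s, _d, tag in rewrites]

if __name__ == "__main__":
    flows, rewrites = parse(SAMPLE)
    print(tags_by_icmp_id(flows), rewritten_fields(rewrites))
```

On the sample, identifier 1 maps to bracket values 5 and 6 while identifier 2 maps to 10: the identifier stays fixed per ping train and the bracketed value changes per packet.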