Cisco Employee

CGN NAT44 configuration issue: Unable to obtain requested inform


Let's try to answer this new question in the different topic you opened here:




Re: CGN NAT44 configuration issue: Unable to obtain requested in

Hi Nicolas,

Hopefully the discussion is still open. Currently I'm running ISM version 4.2.x and I have 2 questions regarding NAT44:

1. Please confirm my current understanding: in order to create a different NAT pool within the ISM linecard, we need to create another serviceApp interface for the inside and outside VRF (if needed; in this case, I'm using a VRF for the outside address), but we can still use the existing serviceInfra interface.

2. Static port forwarding. Based on the definition: "Static port forwarding helps in associating a private IP address and port with a statically allocated public IP and port." In this document I've read: ( , the configuration only maps the private IP and port, but not with a static public IP and port, so I'm assuming the public translated IP addresses are still mapped from the specified pool (i.e. /26 or /30) and not to a static public IP and port.

Need your advice on this.


Cisco Employee

Re: CGN NAT44 configuration issue: Unable to obtain requested in

Hi Adiyudha,

1: yes, at least you'll need to have multiple inside serviceApps to assign to each inside VRF

2: the software does not give you the ability to pick the external address and will do it for you inside the pool.

So indeed, you map inside address and port. The port will be the same on the outside and the CGN software will pick one address based on the hash algorithm.

Kind regards,



Re: CGN NAT44 configuration issue: Unable to obtain requested in

Hi Nicolas,

Appreciate your swift response. So the closest condition to match the 1:1 mapping is to create the smallest pool range and port range.

Once the connection is established, as per my understanding, the mapping table will persist / not change at all until the box is reloaded / the NAT session is cleared.



Cisco Employee

Re: CGN NAT44 configuration issue: Unable to obtain requested in

Hi Adiyudha,

I'm not sure it's a good workaround to mimic a 1:1 translation, unfortunately.

Once the translation is configured, it will map the defined inside address to an outside address for a particular port (and not a range of ports, just for one port). So, if you map port 80 for inside address A for example, it doesn't mean that other ports of address A will be mapped statically. On the contrary, they will be mapped randomly to outside ports.

The tested scale for static mapping is 6000 entries (pair of address+port), not 6000 addresses.

The mapping being static, it is not initiated by i2o traffic, but by configuration, so it can only be cleared by removing the configuration.

The mapping is preserved if the card or chassis is reloaded.

Hope it clarifies a bit,

Best regards,


Hi, Nicholas:


I was wondering if you could help with a problem I'm having.


I have a very similar setup to what is described in deployment guides (with VSM 5.1.2) where I use ABF to divert traffic into the inside serviceapp3 interface. There are differences though:

- ABF is configured on an interface in an NV Sat.

- The nv sat interface is on the default VRF with ABF pointing to NH within inside-vrf.

- static route pointing to ServiceApp33 (vrf default)

- static route in inside-vrf pointing to NH on vrf default


My problem is that everything points to traffic going into the VSM, NAT translation being generated and I actually see I2O packets, but no return whatsoever.


RP/0/RSP0/CPU0:XXXXXX#show cgn nat44 NAT44-3 inside-translation protocol icmp inside-vrf INSIDE inside-address$
Wed Jan 28 10:14:35.544 CST
Inside-translation details
NAT44 instance : NAT44-3
Inside-VRF     : INSIDE
   Outside         Protocol  Inside       Outside       Translation   Inside      Outside
   Address                   Source       Source        Type          to          to
                             Port         Port                        Outside     Inside
                                                                      Packets     Packets
  200.x.y.1      icmp    71           61327         dynamic       5           0           
RP/0/RSP0/CPU0:XXXXXX#show run router static
Wed Jan 28 10:14:49.528 CST
router static
 address-family ipv4 unicast
  200.x.y.0/24 ServiceApp33


  address-family ipv4 unicast vrf default GigabitEthernet100/0/0/0

At least the inside portion looks fine. On the outside serviceapp I see output packets, but no input packets. As you can see, I have the return static route pointing to Sapp33 and the return static route to where traffic origin is; still no luck.


Any advice?





I have an ASR9K box running CGN, and I have two questions.

The public pool assigned is two /21 subnets, which means 4096 IP addresses. Why am I seeing Pool address used: 3876?

In the run attach 0/4/CPU0, what other commands can I use other than # show_nat44_stats? How can I list the available options?

I have a port-limit of 100. I made your calculations above and I got 72 ports per user; should I increase the port-limit?







