[OSL | CCIE_RS] Weird NAT behaviour

Thu, 31 May 2012 12:27:39 -0700 



Hi all,Saw a strange one today. Topology simlicity itself: R5 F0/0 is an inside 
interface on private address space, 10.1.1.1/24.  NAT insideR5 F0/1 is a public 
interface on dummy public address space 1.1.1.1/24, NAT outside. I had one of 
the Cat switches configured as a dummy host on R5 F0/0, ip address of 
10.1.1.100/24 but no DFG set and no routing running. Made sure proxy arp 
enabled on R5 F0/0I had a second Cat, configured as a dummy host on R5 F0/1 
VLAN with public address 1.1.1.254. Again no DFG. The idea was to allow the two 
to talk to each other, through the router, using NAT to get around the lack of 
DFG thing.  I even remembered a static route to force the inside to outside 
packet to route before NAT. It did not work as expected.  When I pinged from 
Cat on f0/0 to Cat on f0/1, the ping got as far as Cat on F0/1, but the return 
had an encapsulation fail.  Turns out there was no arp entry for 1.1.1.100 on 
the second Cat. As a workaround, I ended up putting a secondary 
 IP address on f0/1 of 1.1.1.100 but I don't think I should have had to have 
done this!! Doing a show ip alias on R5, showed no dynamic entry to 1.1.1.100, 
despite the NAT statement being clearly there.  Printout attached: 

R5#sh ip int brief

Interface                 
IP-Address      OK? Method
Status                Protocol

FastEthernet0/0           
10.1.1.1        YES manual up                    up

FastEthernet0/1           
1.1.1.1         YES manual up                    up

 

R5#sh run | b 0/0

interface FastEthernet0/0

 ip address 10.1.1.1
255.255.255.0

 ip nat inside

 ip virtual-reassembly

 duplex auto

 speed auto

!

interface FastEthernet0/1

 ip address 1.1.1.1
255.255.255.0

 ip nat outside

 ip virtual-reassembly

 duplex auto

 speed auto

 

R5#sh run | i nat

 ip nat inside

 ip nat outside

ip nat inside source static 10.1.1.100 1.1.1.100

ip nat outside source static 1.1.1.254 10.1.1.254

 

ip route 10.1.1.254 255.255.255.255 1.1.1.254

R5#sh ip alias

Address Type            
IP Address      Port

Interface               
1.1.1.1

Interface               
10.1.1.1

Dynamic                 
10.1.1.254



 

R5#sh ip nat trans

Pro Inside global     
Inside local       Outside
local      Outside global

--- ---               
---                10.1.1.254         1.1.1.254

--- 1.1.1.100         
10.1.1.100         ---                ---

Has anyone seen this behaviour before?                                    
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com

http://onlinestudylist.com/mailman/listinfo/ccie_rs














    











					Reply via email to