Looks like I was right and I bored everyone to death before they got to the
end, so I'll be brief this time.

Tried this out today to confirm/deny a rumour:

global (outside) 1 192.168.20.1-192.168.20.4

This did NAT for five devices, then refused further translations.

Then:

global (outside) 1 192.168.20.1-192.168.20.3
global (outside) 1 192.168.20.4

This did NAT for four devices, then did PAT for any others. If one of the
NAT translations was freed up, that was used as a priority and then PAT
started again.

What I forgot to try was including the outside interface address within the
range. Anyone save my weary back dragging the 520 out again tomorrow?

:-)


Regards,

Gaz

"Gareth Hinton" wrote in message news:[EMAIL PROTECTED]...
> Had some problem site today where router was constantly dialling different
> sites. I must admit this was not a Cisco router, it was a Bintec but I think
> a problem which would be the same with a Cisco, so thought I'd mention it
> here.
> I shoved a sniffer on the ethernet interface of the router (Bintec debug is
> poor), and found that three servers on the LAN were constantly sending http
> port 80 packets to (almost) random addresses. I say random, because they did
> seem to be within the Class A range even though the ethernet was using a 24
> bit mask.
> There was no reason for this traffic apparently, other than one of the
> variants of Code Red virus on the three servers. Once all the Microsoft
> patches were installed and the servers re-booted, the problem disappeared.
> I'll be honest that I haven't had a good look which of the variants it was,
> as the rest of the day has been pretty busy.
>
>
> Also had another problem which I don't know whether is connected or not.
> We've had a sudden flow of support customers with Pix 506 which keep
> re-booting (very regularly - few minutes).
> We've replaced a few of them, upgrading the code from the deferred 5.3.1 to
> 5.3.2 and waiting to hear whether that alone has cured the problem.
> In the lab, I couldn't get the box to fall over even with the deferred code
> on. Tried using the sniffed packets from above server faults with traffic
> generator to generate 100% network traffic, but still stayed up.
>
> Something I did notice was that the customer's config used the outside
> interface within the global range, and had no overload.
>
> i.e.  (IP addresses changed)
>
> ip address outside 192.49.146.243 255.255.255.248
> global (outside) 1 192.49.146.243-192.49.146.246
>
> whereas I used something more like:
>
> ip address outside 192.49.146.243 255.255.255.248
> global (outside) 1 192.49.146.244-192.49.146.245
> global (outside) 1 192.49.146.246
>
> I know I could now use the outside interface with the accepted commands, but
> I am not convinced that the customer's config is a workable method.
>
> Can anybody advise on whether or not the customer's config would actually do
> PAT, or whether it would allow four NAT sessions then stop?
> I won't rattle on any more as I suspect the number of people reading this
> far is limited, but may have further input if the thread continues.
>
> Regards,
>
> Gaz




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=15376&t=15160
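
An added example (not part of the original posts, and not Cisco code): a small Python audit that reads `ip address` and `global` lines like those quoted above and reports, per pool, how many addresses its ranges hold, whether a single-address (PAT) entry exists, and whether the interface address sits inside a range. The function name, result keys and the two sample strings are assumptions made for illustration; the samples are built from the configurations quoted in the thread.

```python
import ipaddress
import re
from collections import defaultdict

GLOBAL_RE = re.compile(r"^global \((\w+)\) (\d+) (\S+)")
IFADDR_RE = re.compile(r"^ip address (\w+) (\d+\.\d+\.\d+\.\d+) ")

# Constructed inputs: the two configurations quoted in the post.
CUSTOMER = """\
ip address outside 192.49.146.243 255.255.255.248
global (outside) 1 192.49.146.243-192.49.146.246
"""
LAB = """\
ip address outside 192.49.146.243 255.255.255.248
global (outside) 1 192.49.146.244-192.49.146.245
global (outside) 1 192.49.146.246
"""

def audit_globals(config):
    """Return {(interface, nat_id): summary} for every global pool found."""
    if_addr, ranges = {}, defaultdict(list)
    pools = defaultdict(lambda: {"range_addresses": 0, "pat_entry": False,
                                 "interface_in_range": False})
    for line in map(str.strip, config.splitlines()):
        m = IFADDR_RE.match(line)
        if m:
            if_addr[m.group(1)] = ipaddress.IPv4Address(m.group(2))
            continue
        m = GLOBAL_RE.match(line)
        if not m:
            continue
        key, target = (m.group(1), int(m.group(2))), m.group(3)
        pool = pools[key]
        if "-" in target:  # address range: one-to-one NAT pool
            lo, hi = (ipaddress.IPv4Address(a) for a in target.split("-"))
            ranges[key].append((lo, hi))
            pool["range_addresses"] += int(hi) - int(lo) + 1
        else:              # single address (or "interface"): PAT entry
            pool["pat_entry"] = True
    for key, pool in pools.items():
        addr = if_addr.get(key[0])  # interface address may appear anywhere in the file
        pool["interface_in_range"] = addr is not None and any(
            lo <= addr <= hi for lo, hi in ranges[key])
    return dict(pools)

if __name__ == "__main__":
    for name, cfg in (("customer", CUSTOMER), ("lab", LAB)):
        print(name, audit_globals(cfg))
```

A pool reported with `pat_entry` false is the range-only case that, in the test described at the top of the thread, refused further translations once the range was used up.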