NAT Translations...Inside/Outside address the same

shane.wesley
Level 1

Seeing a really odd NAT Translation on a remote site rtr.

tcp 209.153.x.x:53678 10.1.10.5:53678 209.153.x.x:13806 209.153.x.x:13806

The 'Inside global (209.153.x.x)' is correct (routable IP we use to route all NAT addresses), the 'Inside Local (10.1.10.5)' is correct (the NAT address that host is getting)...

BUT

the 'Outside Local (209.153.x.x)' address is the same as the Inside Global and the 'Outside Global (209.153.x.x)' is the same.

In all my experience and everything I've seen before, the Outside Local should be the address that host is going to. It should NEVER be the same as the 'Inside Global'.

Am I wrong on this? Or is something weird going on? I've noticed this at a couple remote sites now, and best I can tell the configs are correct. Checked, double-checked, verified against other sites that I have not seen this at...

4 Replies

stephen.stack
Level 4

Hi,

Having read through this document a little bit, it appears that this is a normal 'inside to outside' NAT translation.

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094837.shtml

It seems that the port number 53678 is a random port chosen by NAT to perform PAT and the port number 3806 is the port that the internal host needs to connect to - externally.

I am open to correction on this.

Hope this helps (please rate if it does)

Stephen

========================== http://www.rconfig.com A free, open source network device configuration management tool, customizable to your needs! - Always vote on an answer if you found it helpful

Thank you for the reply. I also read that earlier, and this is what I took from it...

"The local addresses are addresses that appear on the inside cloud. Global addresses are addresses that appear on the outside cloud. Because of the way NAT is configured, the inside addresses are the only addresses that are translated. Therefore, the inside local address is different from the inside global address."

That and the fact none of the examples they show have the same 'local' & 'global' address... tells me they shouldn't be the same???

But I don't know, maybe I'm incorrect... What would be the reason to translate a public-to-NAT-back to the same public?

PAT would be an explanation of this

Ex:

HstA -----> PAT -----> Internet ----> Hst B

There is usually one public address that all networks on the private network share, but the src port of the outgoing datagram is changed to a unique value that is used to associate return datagrams with the originating private address. HTH

Ok,

Let's look at it this way. Let's assume the NAT translation is correct. Then it could be a case where something inside your network is attempting to contact the external/public IP of your network.

For example;

A Windows host with Outlook installed, configured to retrieve mail from your public IP address. This would cause this type of translation.

HTH

Stephen

========================== http://www.rconfig.com A free, open source network device configuration management tool, customizable to your needs! - Always vote on an answer if you found it helpful
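To see how many entries of this kind a router holds, and which inside hosts own them, the translation table can be parsed and filtered for rows whose outside address is one of the router's own inside global addresses. This is an added example, not code from any poster in the thread; the sample table is constructed with documentation-range addresses in the column order of `show ip nat translations`, and the function names are hypothetical.

```python
from collections import namedtuple

Entry = namedtuple(
    "Entry", "proto inside_global inside_local outside_local outside_global"
)

# Constructed sample (not from the thread): one self-directed flow, two
# ordinary outbound flows, and one static entry with no outside columns.
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 203.0.113.10:53678 10.1.10.5:53678    203.0.113.10:13806 203.0.113.10:13806
tcp 203.0.113.10:53679 10.1.10.5:53679    198.51.100.7:443   198.51.100.7:443
udp 203.0.113.10:1025  10.1.10.6:1025     198.51.100.53:53   198.51.100.53:53
--- 203.0.113.11       10.1.10.20         ---                ---
"""


def split_endpoint(field):
    """Return (address, port); '---' gives (None, None), no port gives None."""
    if field == "---":
        return None, None
    addr, sep, port = field.rpartition(":")
    return (addr, int(port)) if sep else (field, None)


def parse_translations(text):
    """Parse table rows into Entry tuples, skipping the header and blanks."""
    entries = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5 or cols[0] == "Pro":
            continue  # header splits into more than five tokens
        entries.append(Entry(cols[0], *(split_endpoint(c) for c in cols[1:])))
    return entries


def self_directed(entries):
    """Entries whose outside global address is one of our inside globals."""
    own_globals = {e.inside_global[0] for e in entries}
    return [e for e in entries if e.outside_global[0] in own_globals]


if __name__ == "__main__":
    for e in self_directed(parse_translations(SAMPLE)):
        print(f"{e.proto} {e.inside_local[0]} -> own public address "
              f"{e.outside_global[0]}:{e.outside_global[1]}")
```

The inside local address of each flagged row identifies the host that is connecting to the site's own public IP, which is the first thing to check when the entry looks unexpected.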