06-24-2008 07:57 AM - edited 03-03-2019 10:28 PM
Seeing a really odd NAT Translation on a remote site rtr.
tcp 209.153.x.x:53678 10.1.10.5:53678 209.153.x.x:13806 209.153.x.x:13806
The 'Inside global(209.153.x.x)' is correct(routable IP we use to route all NAT addresses), the 'Inside Local(10.1.10.5)' is correct(the NAT address that host is getting)...
BUT
the 'Outside Local(209.153.x.x)' address is the same as the Inside Global and the 'Outside Global(209.153.x.x)' is the same.
In all my experience and everything I've seen before, the Outside Local should be the address that host is going to. It should NEVER be the same as the 'Inside Global'.
Am I wrong on this? Or is something weird going on? I've noticed this at a couple remote sites now, and best I can tell the configs are correct. Checked, double-checked, verified against other sites that I have not seen this at...
06-24-2008 08:29 AM
Hi,
Having read through this document a little bit, it appears that this is a normal 'inside to outside' NAT translation.
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094837.shtml
It seems that the port number 53678 is a random port chosen by NAT to perform PAT and the port number 3806 is the port that the internal host needs to connect to - externally.
I am open to correction on this.
Hope this helps (please rate if it does)
Stephen
06-24-2008 08:38 AM
Thank you for the reply. I also read that earlier, and this is what I took from it...
"The local addresses are addresses that appear on the inside cloud. Global addresses are addresses that appear on the outside cloud. Because of the way NAT is configured, the inside addresses are the only addresses that are translated. Therefore, the inside local address is different from the inside global address."
That and the fact none of the examples they show have the same 'local' & 'global' address...Tells me they shouldn't be the same???
But I don't know, maybe I'm incorrect...What would be the reason to translate a public-to-NAT-back to the same public?
06-24-2008 11:21 AM
PAT would be an explanation of this
Ex:
HstA -----> PAT -----> Internet---->
Hst B
There is usually one public address that all networks on the private network share, but the src port of the outgoing datagram is changed to a unique value that is used to associate return datagrams with the originating private address. HTH
06-25-2008 12:08 AM
Ok,
Let's look at it this way. Let's assume the NAT translation is correct. Then it could be a case where something inside your network is attempting to contact the external/public IP of your network.
For example;
A Windows host with Outlook installed, configured to retrieve mail from your public IP address. This would cause this type of translation.
HTH
Stephen
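The pattern Stephen describes (an inside host talking to its own site's public address, so the outside global column equals the inside global column) is easy to pick out of a translation table automatically. The following is an added example, not code from the thread or from Cisco: it parses a constructed table in the layout of 'show ip nat translations' (addresses are made up), flags such hairpin entries, and sanity-checks that inside local addresses are private and inside global addresses are public.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the layout of a Cisco IOS NAT translation table.
# The addresses are made up; only the column layout mirrors the router output.
SAMPLE_TABLE = """\
Pro Inside global       Inside local        Outside local        Outside global
tcp 209.153.1.10:53678  10.1.10.5:53678     209.153.1.10:13806   209.153.1.10:13806
tcp 209.153.1.10:1024   10.1.10.7:49152     198.51.100.4:443     198.51.100.4:443
--- 209.153.1.10        10.1.10.5           ---                  ---
"""

Socket = Tuple[Optional[str], Optional[int]]

@dataclass
class NatEntry:
    proto: str
    inside_global: Socket
    inside_local: Socket
    outside_local: Socket
    outside_global: Socket

def split_socket(field: str) -> Socket:
    """'a.b.c.d:port' -> (ip, port); bare address -> (ip, None); '---' -> (None, None)."""
    if field == "---":
        return None, None
    if ":" not in field:
        return field, None
    ip, _, port = field.rpartition(":")
    return ip, int(port)

def parse_nat_table(text: str) -> List[NatEntry]:
    """Parse 5-column rows; the 'Pro ...' header and anything else is skipped."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] == "Pro":
            continue
        entries.append(NatEntry(parts[0], *map(split_socket, parts[1:])))
    return entries

def hairpin_entries(entries: List[NatEntry]) -> List[NatEntry]:
    """Entries whose outside global IP is the site's own inside global IP,
    i.e. an inside host reaching the public address it sits behind."""
    return [e for e in entries
            if e.outside_global[0] is not None
            and e.outside_global[0] == e.inside_global[0]]

def sane_layout(e: NatEntry) -> bool:
    """Inside local should be RFC1918 space, inside global should not be."""
    return (ipaddress.ip_address(e.inside_local[0]).is_private
            and not ipaddress.ip_address(e.inside_global[0]).is_private)
```

A hairpin entry on its own is not a misconfiguration; it tells you which inside host (here 10.1.10.5) is addressing the public IP, which is the host whose client configuration to look at.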