This discussion (to EASY STORY) is supposed to:
1) get a confirmation whether the behaviour is a bug or normal. If normal, what can I do to accomplish my task?
2) let someone with the latest IOS train test it, or perhaps open a case if it is in his interest to have this running, too. I don't have time, nor is it such a critical task to open a case on this.
So, after a long time, I researched the full caveats document on the web and found nothing pointing to this NAT issue for IOS 12.4(18), let's say the IP Adv. Service I run. But the issue may lie in whatever version of that train, even the latest 12.4(23).
Well, I have a router with 2 interfaces, Fa0/0 to my PC (nat inside), Fa0/1 (nat outside) to modem and Internet, and a single NAT rule set up to establish a path to the modem (it has a Web GUI), which normally has no route back to the PC. So the rule (static source) makes the source IP of the PC's packets get translated to the source IP of F0/1, the direct link with that modem. This is right, and 100% this must perform for packets traversing the router between these interfaces.
However, for traffic originating from the router and related only to the FE0/1 interface with the modem (when I want to perform a simple ping to an existing Internet host), the router applies this rule as well!!, and tries to translate the responses to go to your PC on F0/0! This is crazy. And question 1 again is whether this is normal, and if yes, how can I make the router traffic run in parallel with the NAT rule. If I turn it off, it runs OK.
3) The configuration first:
interface FastEthernet0/0
 description <<e.g towards remote PC located on different subnet>
 ip address 172.19.250.42 255.255.255.192
 ip nat inside
!
interface FastEthernet0/1
 description PS_UPLINK... to modem and Internet
 ip address 172.16.254.97 255.255.255.248
 ip nat outside
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 172.16.254.98
! a.a.78.65 is the address of the remote PC
ip route a.a.78.65 172.19.250.1
no ip http server
no ip http secure-server
ip nat inside source static a.a.78.65 interface FastEthernet0/1
2) Failing pings, see the "." ...
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to x.x.94.140, timeout is 2 seconds:
Apr 17 10:11:03.004 CET: NAT*: s=x.x.94.140, d=172.16.254.97->a.a.78.65 .
Apr 17 10:11:05.067 CET: NAT*: s=x.x.94.140, d=172.16.254.97->a.a.78.65 .
Apr 17 10:11:07.046 CET: NAT*: s=x.x.94.140, d=172.16.254.97->a.a.78.65 .
Apr 17 10:11:09.074 CET: NAT*: s=x.x.94.140, d=172.16.254.97->a.a.78.65 .
Success rate is 0 percent (0/5)
3) A cosmetic issue... look for the icmp timeout value 60000, when normally it's defined in seconds, and the counter decreases in seconds properly :)
SRCGRZ33#sh ip nat translations verbose
Pro Inside global Inside local Outside local Outside global
icmp 172.16.254.97:27 a.a.78.65:27 x.x.94.140:27 x.x.94.140:27
create 00:00:09, use 00:00:04 timeout:60000, left 00:00:55,
extended, use_count: 0, entry-id: 1128, lc_entries: 0
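
To check for the symptom described in the post in a longer `debug ip nat` capture, the following added example (not part of the original post) counts packets addressed to the router's own outside address whose destination NAT rewrote to another host. The function name and the sample lines are constructed here, modelled on the debug output above, including the ping dots that land on the same lines.

```python
import re
from collections import Counter

# Shape of the "debug ip nat" lines shown in the post:
#   NAT*: s=<src>[-><translated src>], d=<dst>[-><translated dst>]
# [\w.]+ also accepts the masked addresses used in the post (x.x.94.140).
NAT_LINE = re.compile(
    r"NAT\*?:\s+s=(?P<src>[\w.]+)(?:->(?P<src_new>[\w.]+))?,"
    r"\s+d=(?P<dst>[\w.]+)(?:->(?P<dst_new>[\w.]+))?"
)

def hijacked_replies(log_text, router_outside_ip):
    """Count packets sent to the router's own outside address that NAT
    redirected elsewhere, keyed by (remote source, rewritten destination)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = NAT_LINE.search(line)
        if not m or not m["dst_new"]:
            continue  # not a NAT debug line, or destination left untouched
        if m["dst"] == router_outside_ip:
            # A ping "." printed right after the address may stick to it.
            hits[(m["src"], m["dst_new"].rstrip("."))] += 1
    return hits

# Constructed sample: three redirected echo replies, one ordinary
# inside-to-outside source translation, and one non-NAT line.
SAMPLE = """\
Apr 17 10:11:03.004 CET: NAT*: s=x.x.94.140, d=172.16.254.97->a.a.78.65 .
Apr 17 10:11:05.067 CET: NAT*: s=x.x.94.140, d=172.16.254.97->a.a.78.65 .
Apr 17 10:11:06.100 CET: NAT*: s=a.a.78.65->172.16.254.97, d=172.16.254.98
Apr 17 10:11:07.046 CET: NAT*: s=x.x.94.140, d=172.16.254.97->a.a.78.65.
Success rate is 0 percent (0/5)
"""

if __name__ == "__main__":
    for (src, new_dst), n in hijacked_replies(SAMPLE, "172.16.254.97").items():
        print(f"{n} packet(s) from {src} to the router were rewritten to {new_dst}")
```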