NAT Query

Answered Question
Apr 18th, 2009
User Badges:

I have configured nat and when i do my h ip nat translations, it show nothing but there are hits on the statistics. what does this mean?


DUT_3825#sh ip nat translations


DUT_3825#sh ip nat sta

DUT_3825#sh ip nat statistics

Total active translations: 0 (0 static, 0 dynamic; 0 extended)

Peak translations: 15, occurred 04:09:50 ago

Outside interfaces:

Serial0/3/0

Inside interfaces:

Loopback1

Hits: 20 Misses: 0

CEF Translated packets: 10, CEF Punted packets: 91072

Expired translations: 2

Dynamic mappings:

-- Inside Source

[Id: 5] access-list 99 interface Serial0/3/0 refcount 0

Appl doors: 0

Normal doors: 0

Queued Packets: 0

Correct Answer by lamav about 8 years 1 month ago

NAT translations do time out after 60 seconds. So, make sure you check the table within that time period.


Why don't you post your NAT configuration, including the acl, and lets see what you have going on.


If you ran some PING test, post those too.


Victor

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
paolo bevilacqua Sat, 04/18/2009 - 10:29
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

Does NAT works ? inside loopback is a bit strange choice.

mailaglady2 Sat, 04/18/2009 - 10:44
User Badges:

I am using a traffic generator so I can't ping using my ethernet as a source address because the router don't like the traffic generator.


DUT_3825#ping 192.4.1.2


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.4.1.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms


DUT_3825#ping 192.1.1.2 source 192.4.1.2


% Invalid source address- IP address not on any of our up interfaces



lamav Sat, 04/18/2009 - 11:06
User Badges:
  • Blue, 1500 points or more

Hi:


Hits occur when NAT looks for a mapping, and finds one. Misses occur when NAT looks for a NAT table entry, does not find one, and then needs to dynamically add one.


If everything is working fine, when you first initiiate a PING to test your NAT, the hit counter should increment and the miss counter should increment by 1. If the translation is built successfully, the miss counter will no longer increment becuase it no longer "misses" the NAT because it is now in the NAT translation table.


Once the translation expires, the miss counter will increment by 1 the next time you PING.


HTH


Victor



mailaglady2 Sat, 04/18/2009 - 12:46
User Badges:

If you can refer to my 1st post you will see that there are no misses, but still my "sh ip nat translations" do not show anything though there are matches/hits. Does this means my Nat'ing is not working fine?

Correct Answer
lamav Sat, 04/18/2009 - 12:57
User Badges:
  • Blue, 1500 points or more

NAT translations do time out after 60 seconds. So, make sure you check the table within that time period.


Why don't you post your NAT configuration, including the acl, and lets see what you have going on.


If you ran some PING test, post those too.


Victor

mailaglady2 Sat, 04/18/2009 - 13:24
User Badges:

Oh yes, I was taking a lot of time before checking the translations, thanks.


My translations are ok.

DUT_3825#sh ip nat translations

Pro Inside global Inside local Outside local Outside global

icmp 192.1.1.1:120 10.0.0.1:120 20.0.0.1:120 20.0.0.1:120


Just to let you know, I failed my ONT exam on Thursday. I got 661 and the pass mark was 790, I was confident but they proved that I actually know nothing.


What other material can I use for preparation for this exam. I used the student guide I got from Torque-IT last year, but at the bottom of the page it's written 2006 Cisco Systems.

lamav Sat, 04/18/2009 - 15:14
User Badges:
  • Blue, 1500 points or more

Hi:


I'm glad that everything is working for you and that I was able to help. :-)


Don't feel bad about failing the exam. You fell off the horse, that's all. Now get back up, dust yourself off and charge again.


I am sorry, I have never prepared for that exam, so I am not sure I know what material to use to study. :-(


Victor

Actions

This Discussion