NAT Query

Answered Question
Apr 18th, 2009

I have configured NAT and when I do my sh ip nat translations, it shows nothing, but there are hits on the statistics. What does this mean?

DUT_3825#sh ip nat translations
DUT_3825#sh ip nat sta
DUT_3825#sh ip nat statistics
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Peak translations: 15, occurred 04:09:50 ago
Outside interfaces:
  Serial0/3/0
Inside interfaces:
  Loopback1
Hits: 20 Misses: 0
CEF Translated packets: 10, CEF Punted packets: 91072
Expired translations: 2
Dynamic mappings:
-- Inside Source
[Id: 5] access-list 99 interface Serial0/3/0 refcount 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0

mailaglady2 Sat, 04/18/2009 - 10:44

I am using a traffic generator, so I can't ping using my ethernet as a source address because the router doesn't like the traffic generator.

DUT_3825#ping 192.4.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.4.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

DUT_3825#ping 192.1.1.2 source 192.4.1.2
% Invalid source address- IP address not on any of our up interfaces

lamav Sat, 04/18/2009 - 11:06

Hi:

Hits occur when NAT looks for a mapping, and finds one. Misses occur when NAT looks for a NAT table entry, does not find one, and then needs to dynamically add one.

If everything is working fine, when you first initiate a PING to test your NAT, the hit counter should increment and the miss counter should increment by 1. If the translation is built successfully, the miss counter will no longer increment because it no longer "misses" the NAT because it is now in the NAT translation table.

Once the translation expires, the miss counter will increment by 1 the next time you PING.

HTH

Victor

mailaglady2 Sat, 04/18/2009 - 12:46

If you can refer to my 1st post you will see that there are no misses, but still my "sh ip nat translations" does not show anything though there are matches/hits. Does this mean my NAT'ing is not working fine?

Correct Answer
lamav Sat, 04/18/2009 - 12:57

NAT translations do time out after 60 seconds. So, make sure you check the table within that time period.

Why don't you post your NAT configuration, including the ACL, and let's see what you have going on.

If you ran some PING tests, post those too.

Victor
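
An added example (not part of the thread and not Cisco code): a small Python parser for the `show ip nat statistics` output pasted in the question, which reports when an empty translation table coincides with non-zero peak or expired counters, meaning entries existed and timed out as described above. The sample text is constructed from the counters in the first post, and the category names and the `diagnose` heuristic are assumptions made for illustration.

```python
import re

# Constructed sample: the counters posted in the question, as plain text.
SAMPLE = """\
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Peak translations: 15, occurred 04:09:50 ago
Hits: 20 Misses: 0
CEF Translated packets: 10, CEF Punted packets: 91072
Expired translations: 2
"""

# One regex per counter of interest in the statistics output.
FIELDS = {
    "active": r"Total active translations:\s*(\d+)",
    "static": r"\((\d+) static",
    "dynamic": r"(\d+) dynamic",
    "peak": r"Peak translations:\s*(\d+)",
    "hits": r"Hits:\s*(\d+)",
    "misses": r"Misses:\s*(\d+)",
    "expired": r"Expired translations:\s*(\d+)",
}

def parse_nat_stats(text):
    """Return the integer counters found in 'show ip nat statistics' output."""
    stats = {}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, text)
        if m:
            stats[name] = int(m.group(1))
    return stats

def diagnose(stats):
    """Classify the table state (hypothetical labels, illustration only)."""
    if stats.get("active", 0) > 0:
        return "active"          # entries are in the table right now
    if stats.get("peak", 0) > 0 or stats.get("expired", 0) > 0:
        return "aged-out"        # entries existed earlier and have timed out
    if stats.get("hits", 0) > 0 or stats.get("misses", 0) > 0:
        return "lookups-only"    # lookups counted, no entry ever recorded
    return "no-nat-traffic"

if __name__ == "__main__":
    counters = parse_nat_stats(SAMPLE)
    print(counters, "->", diagnose(counters))
```
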

mailaglady2 Sat, 04/18/2009 - 13:24

Oh yes, I was taking a lot of time before checking the translations, thanks.

My translations are ok.

DUT_3825#sh ip nat translations
Pro   Inside global    Inside local    Outside local   Outside global
icmp  192.1.1.1:120    10.0.0.1:120    20.0.0.1:120    20.0.0.1:120

Just to let you know, I failed my ONT exam on Thursday. I got 661 and the pass mark was 790, I was confident but they proved that I actually know nothing.

What other material can I use for preparation for this exam? I used the student guide I got from Torque-IT last year, but at the bottom of the page it's written 2006 Cisco Systems.

lamav Sat, 04/18/2009 - 15:14

Hi:

I'm glad that everything is working for you and that I was able to help. :-)

Don't feel bad about failing the exam. You fell off the horse, that's all. Now get back up, dust yourself off and charge again.

I am sorry, I have never prepared for that exam, so I am not sure I know what material to use to study. :-(

Victor
