04-18-2009 10:13 AM - edited 03-04-2019 04:25 AM
I have configured nat and when i do my h ip nat translations, it show nothing but there are hits on the statistics. what does this mean?
DUT_3825#sh ip nat translations
DUT_3825#sh ip nat sta
DUT_3825#sh ip nat statistics
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Peak translations: 15, occurred 04:09:50 ago
Outside interfaces:
Serial0/3/0
Inside interfaces:
Loopback1
Hits: 20 Misses: 0
CEF Translated packets: 10, CEF Punted packets: 91072
Expired translations: 2
Dynamic mappings:
-- Inside Source
[Id: 5] access-list 99 interface Serial0/3/0 refcount 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
Solved! Go to Solution.
04-18-2009 12:57 PM
NAT translations do time out after 60 seconds. So, make sure you check the table within that time period.
Why don't you post your NAT configuration, including the acl, and lets see what you have going on.
If you ran some PING test, post those too.
Victor
04-18-2009 10:29 AM
Does NAT works ? inside loopback is a bit strange choice.
04-18-2009 10:44 AM
I am using a traffic generator so I can't ping using my ethernet as a source address because the router don't like the traffic generator.
DUT_3825#ping 192.4.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.4.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
DUT_3825#ping 192.1.1.2 source 192.4.1.2
% Invalid source address- IP address not on any of our up interfaces
04-18-2009 11:06 AM
Hi:
Hits occur when NAT looks for a mapping, and finds one. Misses occur when NAT looks for a NAT table entry, does not find one, and then needs to dynamically add one.
If everything is working fine, when you first initiiate a PING to test your NAT, the hit counter should increment and the miss counter should increment by 1. If the translation is built successfully, the miss counter will no longer increment becuase it no longer "misses" the NAT because it is now in the NAT translation table.
Once the translation expires, the miss counter will increment by 1 the next time you PING.
HTH
Victor
04-18-2009 12:46 PM
If you can refer to my 1st post you will see that there are no misses, but still my "sh ip nat translations" do not show anything though there are matches/hits. Does this means my Nat'ing is not working fine?
04-18-2009 12:57 PM
NAT translations do time out after 60 seconds. So, make sure you check the table within that time period.
Why don't you post your NAT configuration, including the acl, and lets see what you have going on.
If you ran some PING test, post those too.
Victor
04-18-2009 01:24 PM
Oh yes, I was taking a lot of time before checking the translations, thanks.
My translations are ok.
DUT_3825#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 192.1.1.1:120 10.0.0.1:120 20.0.0.1:120 20.0.0.1:120
Just to let you know, I failed my ONT exam on Thursday. I got 661 and the pass mark was 790, I was confident but they proved that I actually know nothing.
What other material can I use for preparation for this exam. I used the student guide I got from Torque-IT last year, but at the bottom of the page it's written 2006 Cisco Systems.
04-18-2009 03:14 PM
Hi:
I'm glad that everything is working for you and that I was able to help. :-)
Don't feel bad about failing the exam. You fell off the horse, that's all. Now get back up, dust yourself off and charge again.
I am sorry, I have never prepared for that exam, so I am not sure I know what material to use to study. :-(
Victor
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: