unwanted translation in NAT table, is it attack?

Unanswered Question
Jun 29th, 2009


I have a cisco 1811. 2 pppoe connections to the internet.I have denied all the private IP in the acl and applied them to dialer1.

I've been mad by where these nat translation come from? (please see the attachment which has better format). 192.168.99.xx is actually local pool for vpn users. And these IP showed in the nat translation table are not leased out.

But sometimes, not only from 192.168.99.xx, but also 192.168.80.xx,whatever?

Where do these come from?

Thanks in advance.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
smalkeric Sun, 07/05/2009 - 07:54

It may be an attackers IP address. The Rate Limiting NAT Translation feature provides the ability to limit the maximum number of concurrent network address translation (NAT) operations on a router. In addition to giving users more control over how NAT addresses are used, the Rate Limiting NAT Translation feature can be used to limit the effects of viruses, worms, and denial-of-service attacks.



This Discussion