08-15-2009 07:14 AM - edited 03-04-2019 05:44 AM
I have configured this test config for learning NAT:
on router. How I can test and understood work of it?
Thank you!
access-list 1 remark ACL Category=2
access-list 1 permit 10.10.2.0 0.0.0.255
interface FastEthernet0/1
ip nat outside
exit
interface FastEthernet0/0
ip nat inside
exit
ip nat inside source list 1 interface FastEthernet0/1 overload
08-15-2009 07:53 AM
debug ip nat
*Mar 1 03:30:30.703: NAT: translation failed (F), dropping packet s=10.10.2.1 d=224.0.0.10
08-15-2009 07:54 AM
the topology is:
inside-10.10.2.1-
08-16-2009 05:31 AM
With GNS3, you can simply see NAT functioning by configuring a nat setup between two connected routers. The transport is your choice but I used FastEthernet for simplicity.
R0 - NAT router
int loop1
ip add 10.0.0.1 255.255.255.0
ip nat in
!
int f0/0
ip add 192.168.0.1 255.255.255.252
ip nat out
!
access-list 1 per host 10.0.0.1
ip nat inside source list 1 interface f0/0 over
end
****************
R1
Configure FastEthernet interface
int f0/0
ip add 192.168.0.2 255.255.255.252
****************
Do a source ping from the loopback on the NAT router to the IP on R1 and view nat statistics and translations to see the attempt. Here is the output:
Router#ping 192.168.0.2 source 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.2, timeout is 2 seconds:
Packet sent with a source address of 10.0.0.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/8/12 ms
Router#sh ip nat stat
Total active translations: 1 (0 static, 1 dynamic; 1 extended)
Outside interfaces:
FastEthernet0/0
Inside interfaces:
Loopback1
Hits: 9 Misses: 1
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 interface FastEthernet0/0 refcount 1
Router#sh ip nat trans
Pro Inside global Inside local Outside local Outside global
icmp 192.168.0.1:0 10.0.0.1:0 192.168.0.2:0 192.168.0.2:0
You can do several scenarios and this is certainly not the only way to do it. However it will get you started and takes about <5 mins to set up.
Cheers
08-17-2009 10:00 AM
What should I do to test Misses?
Hits: 9 Misses: 1
08-17-2009 11:23 AM
Good doc on basic troubleshooting:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094c32.shtml
Misses are just an indicator of a translation that isn't in the translation table. Some initiations from an outside source might not be in the translation table and therefore log a miss. The document references ICMP echo in the particular case.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: