Cisco Support Community

New Member

Problem with SNAT UDP

I've been trying to run CSS11500 07.40.2.02 one-armed DNAT+SNAT with RTP udp 10000-30000.

I need to nat client ip addresses.

    service serv1
      ip add 90.1.1.1
      protocol udp
      active

    ------

    owner
      vip add 10.1.1.1
      protocol udp
      add serv serv1
      active

    -------

    group
      vip add 81.1.1.1
      portmap disable
      add destination service serv1
      active

DNAT and SNAT are OK:

IP client > CSS: 10.x.x.x:10000 > VIP 10.1.1.1:20000

IP SNAT > internet: SNAT 81.1.1.1:10000 > 90.1.1.1:20000

but the response:

Internet > CSS: 90.1.1.1:20000 > 81.1.1.1:10000

is dropped in the CSS (verified).

Without "portmap disable", it works, but the source port of the client is natted...

I'd appreciate any suggestions about this problem.

Regards,

1 REPLY
Cisco Employee

Re: Problem with SNAT UDP

The combination of 'portmap disable' and client-source-natting is not supported.

The reason is that if you disable portmapping, when 2 clients hit the vip with the same source port, the traffic is sent to the server with the same source ip and port. It is therefore not possible for the CSS to identify the client ip when the response from the server comes back.

So do not use one-armed mode or make the CSS the default gateway for the servers.

Regards,

Gilles.
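
The collision described in the reply above, as an added example that is not part of the original thread and is not CSS code: a toy source-NAT table in Python, keyed the way a return packet has to be matched. The `SourceNat` class, the two client addresses and the port-pool start are constructed for illustration; the VIP and server values are taken from the post.

```python
# Added illustration (not CSS code): a toy source-NAT table keyed the way a
# return packet must be matched: (server_ip, server_port, nat_ip, nat_port).
import itertools

NAT_IP = "81.1.1.1"                 # group VIP from the post
SERVER = ("90.1.1.1", 20000)        # service address and port from the post


class SourceNat:
    def __init__(self, portmap=True, first_port=40000):
        self.portmap = portmap
        self._ports = itertools.count(first_port)  # constructed pool start
        self.table = {}                            # return-path key -> client

    def outbound(self, client_ip, client_port, server=SERVER):
        """Translate a client flow; return the NATted source (ip, port)."""
        client = (client_ip, client_port)
        for key, owner in self.table.items():      # reuse an existing mapping
            if owner == client and key[:2] == server:
                return key[2:]
        # With portmap disabled the client's own source port is preserved.
        nat_port = next(self._ports) if self.portmap else client_port
        key = (*server, NAT_IP, nat_port)
        if key in self.table:
            raise LookupError(f"{client} collides with {self.table[key]} on {key}")
        self.table[key] = client
        return (NAT_IP, nat_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Map a server reply back to the original client, or None to drop."""
        return self.table.get((src_ip, src_port, dst_ip, dst_port))


def demo():
    # Constructed clients: two hosts that both send from UDP source port 10000.
    a, b = ("10.0.0.5", 10000), ("10.0.0.6", 10000)
    mapped = SourceNat(portmap=True)
    pa, pb = mapped.outbound(*a), mapped.outbound(*b)
    ok = (mapped.inbound(*SERVER, *pa), mapped.inbound(*SERVER, *pb))
    fixed = SourceNat(portmap=False)
    fixed.outbound(*a)
    try:
        fixed.outbound(*b)          # same server, same preserved source port
        collided = False
    except LookupError:
        collided = True
    return ok, collided
```

With port mapping on, each client gets a distinct NAT port and both replies resolve to the right host; with it off, the second client produces the same return-path key as the first, so a reply from the server cannot be attributed to one client.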
