Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

why cannot ping the nat ip address belongs to ACE interface vlan

we did not received response from NAT ip address configured on interface vlan in one context, however, in another context with similar configuration the ping is sucessfully received. the only difference we have observed is that in the context without ping response, the IP address appears in the ARP table as "VSERVER" type, meanwhile, in the context with correct behavior of the ping, the IP address appears as "NAT" type

ATH_LB_01/Produccion# ping 10.129.3.44

Pinging 10.129.3.44 with timeout = 2, count = 5, size = 100 ....

Response from 10.129.3.44 :  seq 1 time 2.043 ms
Response from 10.129.3.44 :  seq 2 time 0.000 ms
Response from 10.129.3.44 :  seq 3 time 0.608 ms
Response from 10.129.3.44 :  seq 4 time 1.607 ms
Response from 10.129.3.44 :  seq 5 time 0.000 ms
5 packet sent, 5 responses received, 0% packet loss

ATH_LB_01/Desarrollo# sh arp

Context Desarrollo
================================================================================
IP ADDRESS      MAC-ADDRESS        Interface  Type      Encap  NextArp(s) Status
================================================================================
10.129.3.40     00.00.a8.82.82.c8  vlan933   LEARNED    25     2299 sec     up
10.129.3.41     00.24.81.7f.5f.50  vlan933   LEARNED    26     2298 sec     up
10.129.3.42     00.24.81.7f.66.7c  vlan933   LEARNED    27     2298 sec     up
10.129.3.43     00.24.81.7f.5f.50  vlan933   GATEWAY    21     262 sec      up
10.129.3.44     00.0b.fc.fe.1b.02  vlan933   NAT        LOCAL     _         up
10.129.3.45     00.1b.24.93.d4.bb  vlan933   INTERFACE  LOCAL     _         up
10.129.3.46     00.0b.fc.fe.1b.02  vlan933   ALIAS      LOCAL     _         up
10.129.3.17     00.1b.24.93.d4.bb  vlan932   INTERFACE  LOCAL     _         up
10.129.3.19     00.0b.fc.fe.1b.02  vlan932   ALIAS      LOCAL     _         up
10.129.3.24     00.50.56.a2.7b.16  vlan932   LEARNED    28     2298 sec     up
10.129.3.25     00.0c.29.b7.b7.37  vlan932   RSERVER    110    211 sec      up
10.129.3.26     00.0c.29.15.8b.6e  vlan932   LEARNED    29     2298 sec     up
10.129.3.27     00.0c.29.bb.5e.64  vlan932   LEARNED    30     2298 sec     up
10.129.3.28     00.50.56.9d.23.74  vlan932   RSERVER    108    296 sec      up
10.129.3.29     00.50.56.a2.74.46  vlan932   LEARNED    31     2298 sec     up
================================================================================
Total arp entries 15

ATH_LB_01/Desarrollo#


ATH_LB_01/Desarrollo#


ATH_LB_01/Desarrollo# ping 10.129.3.132

Pinging 10.129.3.132 with timeout = 2, count = 5, size = 100 ....

No response received from 10.129.3.132 within last 2 sec
No response received from 10.129.3.132 within last 2 sec
No response received from 10.129.3.132 within last 2 sec
No response received from 10.129.3.132 within last 2 sec
No response received from 10.129.3.132 within last 2 sec
5 packet sent, 0 responses received, 100% packet loss

ATH_LB_01/Produccion# sh arp

Context Produccion
================================================================================
IP ADDRESS      MAC-ADDRESS        Interface  Type      Encap  NextArp(s) Status
================================================================================
10.129.3.97     00.16.97.1e.58.ae  vlan930   RSERVER    71     51 sec       up
10.129.3.98     00.23.7d.cf.e9.0e  vlan930   LEARNED    85     3293 sec     up
10.129.3.99     00.23.7d.cf.ea.62  vlan930   LEARNED    88     3293 sec     up
10.129.3.100    00.16.97.1e.57.6a  vlan930   RSERVER    103    295 sec      up
10.129.3.101    00.23.7d.cf.ea.50  vlan930   LEARNED    105    11783 sec    up
10.129.3.102    00.23.7d.cf.e9.be  vlan930   LEARNED    104    11483 sec    up
10.129.3.103    00.1b.24.93.d4.bb  vlan930   INTERFACE  LOCAL     _         up
10.129.3.106    00.0b.fc.fe.1b.04  vlan930   ALIAS      LOCAL     _         up
10.129.3.129    00.24.81.7f.5f.51  vlan931   LEARNED    90     3293 sec     up
10.129.3.131    00.24.81.7f.5f.51  vlan931   GATEWAY    58     52 sec       up
10.129.3.132    00.0b.fc.fe.1b.04  vlan931   VSERVER    LOCAL     _         up
10.129.3.133    00.1b.24.93.d4.bb  vlan931   INTERFACE  LOCAL     _         up
10.129.3.135    00.0b.fc.fe.1b.04  vlan931   ALIAS      LOCAL     _         up
10.192.3.1      00.00.a8.83.84.2e  vlan937   LEARNED    92     3294 sec     up
10.192.3.2      00.0b.fc.fe.1b.04  vlan937   ALIAS      LOCAL     _         up
10.192.3.3      00.1b.24.93.d4.bb  vlan937   INTERFACE  LOCAL     _         up
10.192.3.5      00.0b.fc.fe.1b.04  vlan937   NAT        LOCAL     _         up
10.192.3.7      00.24.97.18.c0.bf  vlan937   LEARNED    111    11622 sec    up
================================================================================
Total arp entries 18

ATH_LB_01/Produccion#


ATH_LB_01/Produccion#

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Re: why cannot ping the nat ip address belongs to ACE interface

Hello,

Just wanted to add that if you first configure an IP address in a nat-pool, it will be entered into the ARP table as a type NAT.  Then if you use that same address in a class-map as a VIP, it will stay as the type NAT.  Also, if you first configre the address as a VIP, it will be entered as type VSERVER, but if you later add the same address to a nat-pool, it will continue be shown as type VSERVER.  So it appears the order in which you use the address in your config directly affects the way it is displayed in the ARP cache.

Sean

6 REPLIES
Cisco Employee

Re: why cannot ping the nat ip address belongs to ACE interface

We do not respond to ping sent to natpool ip address.

But we do respond to ping sent to vserver ip address.

It is possibe to use a vserver ip address as a nat pool ip address.

In this case we will respond to the ping sent to this ip address.

So, in the case it does not work it is because there is no vserver using that nat pool ip address.

Gilles.

Community Member

Re: why cannot ping the nat ip address belongs to ACE interface

what is wrong with this configurations? why one ARP table shows the NAT ip address as VSERVER and the other as NAT? why the IP classified as VSERVER don`t answer the ping?

thanks in advance for your answer,

Cisco Employee

Re: why cannot ping the nat ip address belongs to ACE interface

ok, I now see the ip in your config.

Could you get a 'show ver' + 'sho cfgmgr internable icmp-vip'.

Make sure you run the latest version, there were a lot of fixes in the icmp code.

Thanks.

Gilles.

Community Member

Re: why cannot ping the nat ip address belongs to ACE interface

Hi gdufour,

thanks for your answer, here I attach the show tech from device, thank in advance for your valuable help,

Silver

Re: why cannot ping the nat ip address belongs to ACE interface

Hello,

Just wanted to add that if you first configure an IP address in a nat-pool, it will be entered into the ARP table as a type NAT.  Then if you use that same address in a class-map as a VIP, it will stay as the type NAT.  Also, if you first configre the address as a VIP, it will be entered as type VSERVER, but if you later add the same address to a nat-pool, it will continue be shown as type VSERVER.  So it appears the order in which you use the address in your config directly affects the way it is displayed in the ARP cache.

Sean

Community Member

Re: why cannot ping the nat ip address belongs to ACE interface

thanks sean, you are right, the order which we configure the address affect the arp table!

1048
Views
0
Helpful
6
Replies
CreatePlease to create content