Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

NAT alias for SNMP and ICMP not just ARP

I have a simple static NAT config where I've utilised unused IP addresses on the LAN (inside interface) in my NAT translation. The router aliases these addresses by responding to ARP requests on the local LAN. The issue I'm having though is that is also processes and responds to SNMP and ping packets. I was expecting this traffic to be simply translated by the static NAT. Why does this happen?

See config below:

- When I ping 192.168.1.11, the router replies

- When I SNMP WALK 192.168.1.11, I walk this router

interface FastEthernet0/0

ip address 192.168.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 192.168.10.253 255.255.255.0

ip nat outside

ip virtual-reassembly

!

ip nat outside source static 192.168.10.11 192.168.1.11

!

end

1 REPLY
Cisco Employee

Re: NAT alias for SNMP and ICMP not just ARP

Hi,

I think it's because the packet is not routed to the outside interface.

When packets are received from the inside interface, routing decision applies first and NAT occurs only if the outgoing interface is configured as outside.

In your case, The destination IP address is see as directly connected to the inside interface so its' never routed to the outside interface.

Try using PBR to send these packets to F0/1.

HTH

Laurent.

125
Views
0
Helpful
1
Replies