Solved: Re: NAT : Difference vs NAT and NAT* in debug ip nat messages ?

ju.mahieu · ‎11-16-2010

Hello,

I have the following messages in my

debug ip nat :
*Nov 16 14:22:21.711: NAT: s=10.39.226.100->10.233.1.3, d=10.233.90.100 [11047]
*Nov 16 14:22:22.075: NAT*: s=10.39.226.100->10.233.1.3, d=10.233.90.100 [11048]

Everything works fine but I'm wondering what is the difference between :

- : NAT not followed by a * --> NAT

- : NAT followed by a * --> NAT*

Thank you for your comments,

Regards,

Ju

Peter Paluch · ‎11-16-2010

Hello,

If I remember correctly, the messages marked with the asterisk (*) sign mean that the translation was already present in the NAT table and was simply used to translate further packets in the same flow, i.e. a cached translation entry was used to translate this packet. The messages without the * sign mean that a cached translation entry was not found in the NAT table and the router needed to create a new translation entry for this packet.

If anyone has additional or different info please share it with us!

Best regards,

Peter

EDIT: The IOS Command Reference guide located at

http://www.cisco.com/en/US/docs/ios/debug/command/reference/db_i1.html#wp1151494

seems to confirm this, specifically:

Table 147 debug ip nat Field Descriptions
Field	Description
NAT	Indicates that the packet is being translated by the NAT feature. An asterisk (*) indicates that the translation is occurring in the fast path. The first packet in a conversation always goes through the slow path (that is, it is process switched). The remaining packets go through the fast path if a cache entry exists.
s=192.168.1.95->172.31.233.209	Source address of the packet and how it is being translated.
d=172.31.2.132	Destination address of the packet.
[6825]	IP identification number of the packet. Might be useful in the debugging process to correlate with other packet traces from protocol analyzers.

View solution in original post

Peter Paluch · ‎11-16-2010

Hello,

If I remember correctly, the messages marked with the asterisk (*) sign mean that the translation was already present in the NAT table and was simply used to translate further packets in the same flow, i.e. a cached translation entry was used to translate this packet. The messages without the * sign mean that a cached translation entry was not found in the NAT table and the router needed to create a new translation entry for this packet.

If anyone has additional or different info please share it with us!

Best regards,

Peter

EDIT: The IOS Command Reference guide located at

http://www.cisco.com/en/US/docs/ios/debug/command/reference/db_i1.html#wp1151494

seems to confirm this, specifically:

Table 147 debug ip nat Field Descriptions
Field	Description
NAT	Indicates that the packet is being translated by the NAT feature. An asterisk (*) indicates that the translation is occurring in the fast path. The first packet in a conversation always goes through the slow path (that is, it is process switched). The remaining packets go through the fast path if a cache entry exists.
s=192.168.1.95->172.31.233.209	Source address of the packet and how it is being translated.
d=172.31.2.132	Destination address of the packet.
[6825]	IP identification number of the packet. Might be useful in the debugging process to correlate with other packet traces from protocol analyzers.

ju.mahieu · ‎11-17-2010

Thanks Peter for your answer. Very usefull.

Bye,

Ju

Cara11796 · ‎05-26-2022

Amazing, thanks! I had the same question.