Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Strange NAT TAble

Hi Folks,

I have a simple overload NAT, but I've noticed that the NAT Table is strange with ICMP translated packets:

Here my conf:

ip nat pool pool1 200.89.24.110 200.89.24.110 netmask 255.255.255.252

ip nat inside source list 1 pool pool1 overload

But the IP NAT TAble shows (for ICMP Packets):

icmp 200.89.24.110:1256 192.168.1.4:10130 69.59.241.188:2184743256 69.59.241.188:1256

icmp 200.89.24.110:1255 192.168.1.4:10138 69.59.241.188:2184743256 69.59.241.188:1255

The destination port are very strange greater than 65535... There are some explication about this output.

Thanks!

4 REPLIES

Re: Strange NAT TAble

Hello,

you might want to check if your PC with IP address 192.168.1.4 is running an application that might generate these packets. The IP address that is being pinged translates to rtp64-88-wil1.klax1.s.vonagenetworks.net, which appears to be a Vonage node in Los Angeles.

HTH,

GNT

New Member

Re: Strange NAT TAble

Hi,

Of course, the destination net is Vonage, but why within NAT Table there are that strange value? Maybe a IOS bug? I don't remember a big value (i.e. 2184743256) in a NAT table, and only for ICMP packets. The IP 192.168.1.4 is not a PC is a PAP2 Linksys voice Gateway.

udp 200.89.24.110:1500 192.168.1.6:10129 69.59.249.168:12185 69.59.249.168:12185

icmp 200.89.24.110:10130 192.168.1.6:10130 69.59.241.170:2184743256 69.59.241.170:35160

icmp 200.89.24.110:10130 192.168.1.6:10130 69.59.248.161:2184743256 69.59.248.161:35160

udp 200.89.24.110:16226 192.168.1.6:16226 69.59.252.63:2400 69.59.252.63:2400

Any idea?

Rgds.

Gold

Re: Strange NAT TAble

The ICMP "port" numbers are really some form of sequence number or ident field. The best description of this is in this documents on nat and framgmentation of ICMP packets

http://www.cisco.com/warp/public/556/10.html

I have yet to find a good description of how this value gets set. I suspect the 2 entries you have are from a intermediate router that is reporting time to live exceeded or host unreachable. This value would be set by those routers.

New Member

Re: Strange NAT TAble

Thanks!

Pls if you find out how this value is gets set, pls let me know!

Rgds.

117
Views
0
Helpful
4
Replies