Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
343
Views
0
Helpful
4
Replies

Strange NAT TAble

omar.p
Level 1
Level 1

‎11-13-2006 05:38 PM - edited ‎03-03-2019 02:41 PM

Hi Folks,

I have a simple overload NAT, but I've noticed that the NAT Table is strange with ICMP translated packets:

Here my conf:

ip nat pool pool1 200.89.24.110 200.89.24.110 netmask 255.255.255.252

ip nat inside source list 1 pool pool1 overload

But the IP NAT TAble shows (for ICMP Packets):

icmp 200.89.24.110:1256 192.168.1.4:10130 69.59.241.188:2184743256 69.59.241.188:1256

icmp 200.89.24.110:1255 192.168.1.4:10138 69.59.241.188:2184743256 69.59.241.188:1255

The destination port are very strange greater than 65535... There are some explication about this output.

Thanks!

Labels:
0 Helpful
4 Replies 4

globalnettech
Level 5
Level 5

‎11-14-2006 12:07 AM

Hello,

you might want to check if your PC with IP address 192.168.1.4 is running an application that might generate these packets. The IP address that is being pinged translates to rtp64-88-wil1.klax1.s.vonagenetworks.net, which appears to be a Vonage node in Los Angeles.

HTH,

GNT

0 Helpful

omar.p
Level 1
Level 1
In response to globalnettech

‎11-14-2006 12:53 PM

Hi,

Of course, the destination net is Vonage, but why within NAT Table there are that strange value? Maybe a IOS bug? I don't remember a big value (i.e. 2184743256) in a NAT table, and only for ICMP packets. The IP 192.168.1.4 is not a PC is a PAP2 Linksys voice Gateway.

udp 200.89.24.110:1500 192.168.1.6:10129 69.59.249.168:12185 69.59.249.168:12185

icmp 200.89.24.110:10130 192.168.1.6:10130 69.59.241.170:2184743256 69.59.241.170:35160

icmp 200.89.24.110:10130 192.168.1.6:10130 69.59.248.161:2184743256 69.59.248.161:35160

udp 200.89.24.110:16226 192.168.1.6:16226 69.59.252.63:2400 69.59.252.63:2400

Any idea?

Rgds.

0 Helpful

tdrais
Level 7
Level 7
In response to omar.p

‎11-14-2006 01:13 PM

The ICMP "port" numbers are really some form of sequence number or ident field. The best description of this is in this documents on nat and framgmentation of ICMP packets

http://www.cisco.com/warp/public/556/10.html

I have yet to find a good description of how this value gets set. I suspect the 2 entries you have are from a intermediate router that is reporting time to live exceeded or host unreachable. This value would be set by those routers.

0 Helpful

omar.p
Level 1
Level 1
In response to tdrais

‎11-14-2006 04:20 PM

Thanks!

Pls if you find out how this value is gets set, pls let me know!

Rgds.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card