Tuesday, January 1, 2013

Overlapping Address Translation


RT1 and RT2 both have the subnet 172.16.1.0/24, so their address ranges overlap.
RT1 is configured to perform the Twice NAT operation, translating both the source and the destination address of each packet.
PC1 will view ServerA as 11.0.0.2 (outside local), while ServerA will view PC1 as 10.0.0.2 (inside global).

RT1 configuration:
!
ip route 11.0.0.0 255.255.255.0 200.0.0.2
!
interface Serial0/0
 ip nat outside
!
interface FastEthernet1/0
 ip nat inside
!
ip nat inside source static network 172.16.1.0 10.0.0.0 /24
ip nat outside source static network 172.16.1.0 11.0.0.0 /24
!

RT2 configuration:
!
ip route 10.0.0.0 255.255.255.0 200.0.0.1
!

The following shows the command output and ICMP debug messages when RT1 pings RT2’s 172.16.1.1 (which appears as 11.0.0.1) using its own IP address of 172.16.1.1 as the source.
RT1#ping 11.0.0.1 source 172.16.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.0.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/30/52 ms
RT1#
--------------------------------------------------------------------------------
RT2#debug ip icmp
ICMP packet debugging is on
RT2#
*Mar  1 00:05:12: ICMP: echo reply sent, src 172.16.1.1, dst 10.0.0.1
*Mar  1 00:05:12: ICMP: echo reply sent, src 172.16.1.1, dst 10.0.0.1
*Mar  1 00:05:12: ICMP: echo reply sent, src 172.16.1.1, dst 10.0.0.1
*Mar  1 00:05:12: ICMP: echo reply sent, src 172.16.1.1, dst 10.0.0.1
*Mar  1 00:05:12: ICMP: echo reply sent, src 172.16.1.1, dst 10.0.0.1
RT2#

The following shows the command output and ICMP debug messages when ServerA pings PC1.
ServerA#ping 10.0.0.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/25/48 ms
ServerA#
--------------------------------------------------------------------------------
PC1#debug ip icmp
ICMP packet debugging is on
PC1#
*Mar  1 00:05:06: ICMP: echo reply sent, src 172.16.1.2, dst 11.0.0.2
*Mar  1 00:05:06: ICMP: echo reply sent, src 172.16.1.2, dst 11.0.0.2
*Mar  1 00:05:06: ICMP: echo reply sent, src 172.16.1.2, dst 11.0.0.2
*Mar  1 00:05:06: ICMP: echo reply sent, src 172.16.1.2, dst 11.0.0.2
*Mar  1 00:05:06: ICMP: echo reply sent, src 172.16.1.2, dst 11.0.0.2
PC1#

The following shows the IP NAT translation table on RT1 after the ICMP ping operations above.
RT1#sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
--- 10.0.0.1           172.16.1.1         ---                ---
--- 10.0.0.2           172.16.1.2         ---                ---
--- ---                ---                11.0.0.1           172.16.1.1
--- ---                ---                11.0.0.2           172.16.1.2
--- 10.0.0.2           172.16.1.2         11.0.0.2           172.16.1.2
icmp 10.0.0.1:1        172.16.1.1:1       11.0.0.1:1         172.16.1.1:1

Subnet translation:
Inside global   Inside local    Outside local   Outside global /prefix
10.0.0.0        172.16.1.0      ---             ---             /24
---             ---             11.0.0.0        172.16.1.0      /24
RT1#
Note: The icmp NAT entry is created only when RT1 initiates an ICMP ping to 10.0.0.0/24.
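
The two static network rules on RT1 can be modelled to check which addresses each side should see, which helps when correlating debug or log lines taken on opposite sides of the translation. This is an added example, not part of the original post; the function names are hypothetical, and it models only the address rewriting, not the IOS order of operations.

```python
import ipaddress

# Static network rules from the RT1 configuration on this page.
INSIDE_LOCAL = ipaddress.ip_network("172.16.1.0/24")    # real inside subnet
INSIDE_GLOBAL = ipaddress.ip_network("10.0.0.0/24")     # how the outside sees it
OUTSIDE_GLOBAL = ipaddress.ip_network("172.16.1.0/24")  # real outside subnet
OUTSIDE_LOCAL = ipaddress.ip_network("11.0.0.0/24")     # how the inside sees it


def remap(addr, src_net, dst_net):
    """Swap the network prefix and keep the host bits (static network NAT).
    Addresses outside src_net pass through untranslated."""
    ip = ipaddress.ip_address(addr)
    if ip not in src_net:
        return str(ip)
    host_bits = int(ip) & int(src_net.hostmask)
    return str(ipaddress.ip_address(int(dst_net.network_address) | host_bits))


def inside_to_outside(src, dst):
    """Packet arriving on the 'ip nat inside' side and leaving on the outside."""
    return (remap(src, INSIDE_LOCAL, INSIDE_GLOBAL),
            remap(dst, OUTSIDE_LOCAL, OUTSIDE_GLOBAL))


def outside_to_inside(src, dst):
    """Packet arriving on the 'ip nat outside' side, headed for the inside."""
    return (remap(src, OUTSIDE_GLOBAL, OUTSIDE_LOCAL),
            remap(dst, INSIDE_GLOBAL, INSIDE_LOCAL))


def real_inside_host(logged_addr):
    """Map an address seen in outside-side logs back to the real inside host."""
    return remap(logged_addr, INSIDE_GLOBAL, INSIDE_LOCAL)


if __name__ == "__main__":
    # RT1#ping 11.0.0.1 source 172.16.1.1, as it appears on the outside
    print(inside_to_outside("172.16.1.1", "11.0.0.1"))
    # ServerA#ping 10.0.0.2, as PC1 receives it
    print(outside_to_inside("172.16.1.2", "10.0.0.2"))
    # dst in RT2's "echo reply sent" debug line -> real inside source
    print(real_inside_host("10.0.0.1"))
```

The translated pairs match the debug output above: RT2 replies to 10.0.0.1, and PC1 replies to 11.0.0.2.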
