1.1.5 Verifying PAT configuration / 1.1.6 Troubleshooting NAT and PAT configuration


1.1.5 Verifying PAT configuration
Once NAT is configured, use the clear and show commands to verify that it is operating as expected.
By default, dynamic address translations time out from the NAT translation table after a period of non-use. When port translation is not configured, translation entries time out after 24 hours, unless the timers are reconfigured with the ip nat translation timeout timeout_seconds command from global configuration mode. Clear the entries before the timeout by using one of the commands in the figure.
Translation information may be displayed by performing one of the tasks in EXEC mode.
Alternatively, use the show run command and look for NAT, access list, interface, or pool commands with the required values.




1.1.6 Troubleshooting NAT and PAT configuration
When IP connectivity problems in a NAT environment exist, it is often difficult to determine the cause of the problem. Many times NAT is mistakenly blamed, when in reality there is an underlying problem.
When trying to determine the cause of an IP connectivity problem, it helps to rule out NAT. Use the following steps to determine whether NAT is operating as expected:
  1. Based on the configuration, clearly define what NAT is supposed to achieve.
  2. Verify that correct translations exist in the translation table.
  3. Verify the translation is occurring by using show and debug commands.
  4. Review in detail what is happening to the packet and verify that routers have the correct routing information to move the packet along.
Use the debug ip nat command to verify the operation of the NAT feature by displaying information about every packet that is translated by the router. The debug ip nat detailed command generates a description of each packet considered for translation. This command also outputs information about certain errors or exception conditions, such as the failure to allocate a global address.
The figure shows a sample debug ip nat output. In this example, the first two lines of the debugging output show that a Domain Name System (DNS) request and reply were produced. The remaining lines show the debugging output of a Telnet connection from a host on the inside of the network to a host on the outside of the network.
Decode the debug output by using the following key points:
  • The asterisk next to NAT indicates that the translation is occurring in the fast-switched path. The first packet in a conversation will always go through the slow path, which means this first packet is process-switched. The remaining packets will go through the fast-switched path if a cache entry exists.
  • s = a.b.c.d is the source address.
  • Source address a.b.c.d is translated to w.x.y.z.
  • d = e.f.g.h is the destination address.
The value in brackets is the IP identification number. It is useful for debugging because it enables correlation with other packet traces from protocol analyzers.
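As an added example (not part of the original page or of Cisco IOS), the decoding rules above can be applied mechanically: the parser below reads debug ip nat lines in the shape described (asterisk, s= source with optional translated address, d= destination with optional translated address, IP identification in brackets), and collects the inside-local to inside-global pairs it observes so they can be compared with the intended configuration and the translation table. The sample lines are constructed in that shape, not captured router output.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional
# Line shapes handled, following the key points in the text:
#   NAT*: s=a.b.c.d->w.x.y.z, d=e.f.g.h [id]   outbound, source translated
#   NAT: s=e.f.g.h, d=w.x.y.z->a.b.c.d [id]    return traffic, destination translated
# "*" = fast-switched path; no "*" = process-switched; [id] = IP identification field
_ADDR = r"\d{1,3}(?:\.\d{1,3}){3}"
_LINE = re.compile(
    rf"^NAT(?P<fast>\*)?:\s*s=(?P<src>{_ADDR})(?:->(?P<src_x>{_ADDR}))?,"
    rf"\s*d=(?P<dst>{_ADDR})(?:->(?P<dst_x>{_ADDR}))?\s*\[(?P<ipid>\d+)\]\s*$"
)

@dataclass
class NatEvent:
    fast_switched: bool
    src: str
    src_translated: Optional[str]
    dst: str
    dst_translated: Optional[str]
    ip_id: int  # IP identification, for correlating with a protocol analyzer trace

def parse_line(line: str) -> Optional[NatEvent]:
    m = _LINE.match(line.strip())
    if m is None:
        return None  # not a NAT debug line, or a variant this parser does not know
    return NatEvent(m["fast"] is not None, m["src"], m["src_x"],
                    m["dst"], m["dst_x"], int(m["ipid"]))

def parse_debug(text: str) -> List[NatEvent]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]

def observed_translations(events: List[NatEvent]) -> Dict[str, str]:
    """Inside-local -> inside-global pairs seen in the debug output."""
    pairs: Dict[str, str] = {}
    for e in events:
        if e.src_translated:        # outbound packet: source rewritten
            pairs[e.src] = e.src_translated
        elif e.dst_translated:      # return packet: destination rewritten back
            pairs[e.dst_translated] = e.dst
    return pairs

# Constructed sample in the shape described above; not real router output.
SAMPLE = """\
NAT: s=10.1.1.10->203.0.113.5, d=198.51.100.7 [52001]
NAT*: s=198.51.100.7, d=203.0.113.5->10.1.1.10 [14102]
NAT*: s=10.1.1.10->203.0.113.5, d=198.51.100.23 [52002]
some unrelated console line
"""
```

Feed it the text captured from a terminal session and compare observed_translations() with what show ip nat translations reports; a missing or unexpected pair points at the configuration or the routing rather than at NAT itself.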
