Dynamic NAT

Physical Lab 6

Using Cisco IOS 15.1(4)M10, Cisco ISR1841 box.

NAT pool (inside global): 192.168.10.211-.212

Inside hosts (inside local): 172.16.2.11-.13
↓
host 172.16.2.11
host 172.16.2.12
host 172.16.2.13

Why specify a netmask? The pool's start and end addresses seem sufficient on their own.

Need clarification about "netmask" statement on Dynamic NAT - 28560 - The Cisco Learning Network

According to the answer above, the netmask serves as a sanity check.

ok.

ip nat pool PG1X-NAT-POOL 192.168.10.211 192.168.10.212 netmask 255.255.255.248
!
access-list 1 permit 172.16.2.11
access-list 1 permit 172.16.2.12
access-list 1 permit 172.16.2.13
!
ip nat inside source list 1 pool PG1X-NAT-POOL
!
int f0/1
ip nat outside
exit
!
int f0/0
ip nat inside
exit
!
end
R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#ip nat
R1(config)#ip nat po
R1(config)#ip nat poo
R1(config)#ip nat pool PG1X 192.168.10.211 192.168.10.212 ?
  netmask        Specify the network mask
  prefix-length  Specify the prefix length

R1(config)#ip nat pool PG1X 192.168.10.211 192.168.10.212
% Incomplete command.

R1(config)#ip nat pool PG1X 192.168.10.211 192.168.10.212 mas
R1(config)#ip nat pool PG1X 192.168.10.211 192.168.10.212 netma
R1(config)#$ PG1X 192.168.10.211 192.168.10.212 netmask 255.255.255.248
R1(config)#
*Apr  5 22:15:21.463: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to up
R1(config)#ip na
R1(config)#ip nat insi
R1(config)#ip nat inside sour
R1(config)#ip nat inside source li
R1(config)#ip nat inside source list ?
  <1-2699>  Access list number for local addresses
  WORD      Access list name for local addresses

R1(config)#ip nat inside source list 1 po
R1(config)#ip nat inside source list 1 pool PG1X-NAT-POOL
R1(config)#!
R1(config)#! ip configuration
R1(config)#int f0/1
R1(config-if)#ip addr 192.168.10.210 255.255.255.0
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#int f0/0
R1(config-if)#ip addr 172.16.2.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#!
R1(config)#! default route
R1(config)#ip route 0.0.0.0 0.0.0.0 192.168.10.1
R1(config)#!
R1(config)#
*Apr  5 22:18:48.887: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
*Apr  5 22:18:49.887: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
R1(config)#
R1(config)#
R1(config)#
R1(config)#
R1(config)#
*Apr  5 22:18:49.935: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R1(config)#
R1(config)#
R1(config)#int f0/1
R1(config-if)#ip nat outsi
R1(config-if)#ip nat outside
R1(config-if)#exit
R1(config)#!
R1(config)#int f0/1
R1(config-if)#ip na
R1(config-if)#ip nat insi
R1(config-if)#ip nat inside
R1(config-if)#exit
R1(config)#!
R1(config)#end
R1#
*Apr  5 22:20:05.435: %SYS-5-CONFIG_I: Configured from console by console
R1#sh ip nat trans
R1#sh ip nat translations
R1#sh run | i access
R1#sh ip acc
R1#sh ip acce
R1#sh ip access-lists
R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#access-list 1 permit 172.16.2.11
R1(config)#access-list 1 permit 172.16.2.12
R1(config)#access-list 1 permit 172.16.2.13
R1(config)#^Z
R1#
*Apr  5 22:23:49.975: %SYS-5-CONFIG_I: Configured from console by console

Verification

% ssh pi@172.16.2.11
% ssh pi@172.16.2.12
% ssh pi@172.16.2.13
ping 172.16.2.1 -c2
ping 192.168.10.210 -c2
ping 8.8.8.8
ping 8.8.8.8 -c4
sh ip nat translations
sh ip access-lists
pi@pi1:~ $ ping 172.16.2.1 -c2
PING 172.16.2.1 (172.16.2.1) 56(84) bytes of data.
64 bytes from 172.16.2.1: icmp_seq=1 ttl=255 time=1.35 ms
64 bytes from 172.16.2.1: icmp_seq=2 ttl=255 time=1.12 ms

--- 172.16.2.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 1.127/1.243/1.359/0.116 ms
pi@pi1:~ $ ping 192.168.10.210 -c2
PING 192.168.10.210 (192.168.10.210) 56(84) bytes of data.
64 bytes from 192.168.10.210: icmp_seq=1 ttl=255 time=1.91 ms
64 bytes from 192.168.10.210: icmp_seq=2 ttl=255 time=1.19 ms

--- 192.168.10.210 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 1.194/1.552/1.911/0.360 ms
pi@pi1:~ $ ping 8.8.8.8 -c4
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.

--- 8.8.8.8 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3017ms
pi@pi2:~ $ ping 172.16.2.1 -c2
PING 172.16.2.1 (172.16.2.1) 56(84) bytes of data.
64 bytes from 172.16.2.1: icmp_seq=1 ttl=255 time=2.07 ms
64 bytes from 172.16.2.1: icmp_seq=2 ttl=255 time=1.36 ms

--- 172.16.2.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 1.365/1.719/2.073/0.354 ms
pi@pi2:~ $ ping 192.168.10.210 -c2
PING 192.168.10.210 (192.168.10.210) 56(84) bytes of data.
64 bytes from 192.168.10.210: icmp_seq=1 ttl=255 time=1.67 ms
64 bytes from 192.168.10.210: icmp_seq=2 ttl=255 time=1.69 ms

--- 192.168.10.210 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 1.677/1.684/1.691/0.007 ms
pi@pi2:~ $ ping 8.8.8.8 -c4
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.

--- 8.8.8.8 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3006ms
pi@pi3:~ $ ping 172.16.2.1 -c2
PING 172.16.2.1 (172.16.2.1) 56(84) bytes of data.
64 bytes from 172.16.2.1: icmp_seq=1 ttl=255 time=1.31 ms
64 bytes from 172.16.2.1: icmp_seq=2 ttl=255 time=1.77 ms

--- 172.16.2.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 1.312/1.544/1.777/0.235 ms
pi@pi3:~ $ ping 192.168.10.210 -c2
PING 192.168.10.210 (192.168.10.210) 56(84) bytes of data.
64 bytes from 192.168.10.210: icmp_seq=1 ttl=255 time=2.28 ms
64 bytes from 192.168.10.210: icmp_seq=2 ttl=255 time=1.47 ms

--- 192.168.10.210 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 1.472/1.876/2.280/0.404 ms
pi@pi3:~ $ ping 8.8.8.8 -c4
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.

--- 8.8.8.8 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 2999ms

ping failed…

R1#sh ip nat translations
R1#sh ip access-lists 1
Standard IP access list 1
    20 permit 172.16.2.12
    30 permit 172.16.2.13
    10 permit 172.16.2.11


R1#sh run int f0/0
Building configuration...

Current configuration : 95 bytes
!
interface FastEthernet0/0
 ip address 172.16.2.1 255.255.255.0
 duplex auto
 speed auto
end

R1#sh run int f0/1
Building configuration...

Current configuration : 140 bytes
!
interface FastEthernet0/1
 ip address 192.168.10.210 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
end

The ip nat inside / ip nat outside interface configuration is wrong: f0/1 is marked inside and f0/0 has no NAT setting at all…

The correct configuration is:

int f0/1
ip nat outside
exit
!
int f0/0
ip nat inside
exit
R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#int f0/1
R1(config-if)#ip nat outside
R1(config-if)#exit
R1(config)#!
R1(config)#int f0/0
R1(config-if)#ip nat inside
R1(config-if)#exit
R1(config)#^Z
R1#
*Apr  6 22:06:48.397: %SYS-5-CONFIG_I: Configured from console by console
R1#sh ip int f0/0 | i (translation|NAT)
  Network address translation is enabled, interface in domain inside
  Output features: NAT Inside, Stateful Inspection, NAT ALG proxy
R1#sh ip int f0/1 | i (translation|NAT)
  Network address translation is enabled, interface in domain outside
  Input features: Stateful Inspection, Virtual Fragment Reassembly, Virtual Fragment Reassembly After IPSec Decryption, NAT Outside, MCI Check
  Output features: NAT Inside, Post-routing NAT Outside, Stateful Inspection, NAT ALG proxy

still failing…

R1#sh run | i nat
 ip nat inside
 ip nat outside
ip nat pool PG1X 192.168.10.211 192.168.10.212 netmask 255.255.255.248
ip nat inside source list 1 pool PG1X-NAT-POOL
R1#sh ip nat statistics
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Peak translations: 0
Outside interfaces:
  FastEthernet0/1
Inside interfaces:
  FastEthernet0/0
Hits: 0  Misses: 0
CEF Translated packets: 0, CEF Punted packets: 39535
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 pool PG1X-NAT-POOL refcount 0

Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0

Pool name mismatch: the pool is defined as PG1X, but the mapping references PG1X-NAT-POOL…

no ip nat pool PG1X 192.168.10.211 192.168.10.212 netmask 255.255.255.248
ip nat pool PG1X-NAT-POOL 192.168.10.211 192.168.10.212 netmask 255.255.255.248
R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#$ool PG1X 192.168.10.211 192.168.10.212 netmask 255.255.255.248
R1(config)#$POOL 192.168.10.211 192.168.10.212 netmask 255.255.255.248
R1(config)#^Z
R1#
*Apr  8 03:37:22.450: %SYS-5-CONFIG_I: Configured from console by console
From 172.16.2.1 icmp_seq=19937 Destination Host Unreachable
From 172.16.2.1 icmp_seq=19938 Destination Host Unreachable
From 172.16.2.1 icmp_seq=19941 Destination Host Unreachable
From 172.16.2.1 icmp_seq=19942 Destination Host Unreachable
From 172.16.2.1 icmp_seq=19943 Destination Host Unreachable
From 172.16.2.1 icmp_seq=19944 Destination Host Unreachable
From 172.16.2.1 icmp_seq=19945 Destination Host Unreachable
From 172.16.2.1 icmp_seq=19948 Destination Host Unreachable
From 172.16.2.1 icmp_seq=19949 Destination Host Unreachable
64 bytes from 8.8.8.8: icmp_seq=19950 ttl=56 time=11.2 ms
64 bytes from 8.8.8.8: icmp_seq=19951 ttl=56 time=9.74 ms
64 bytes from 8.8.8.8: icmp_seq=19952 ttl=56 time=9.75 ms
64 bytes from 8.8.8.8: icmp_seq=19953 ttl=56 time=9.77 ms
64 bytes from 8.8.8.8: icmp_seq=19954 ttl=56 time=9.77 ms
64 bytes from 8.8.8.8: icmp_seq=19955 ttl=56 time=10.3 ms
64 bytes from 8.8.8.8: icmp_seq=19956 ttl=56 time=10.2 ms
64 bytes from 8.8.8.8: icmp_seq=19957 ttl=56 time=9.79 ms
64 bytes from 8.8.8.8: icmp_seq=19958 ttl=56 time=10.3 ms
64 bytes from 8.8.8.8: icmp_seq=19959 ttl=56 time=10.8 ms
64 bytes from 8.8.8.8: icmp_seq=19960 ttl=56 time=10.1 ms
64 bytes from 8.8.8.8: icmp_seq=19961 ttl=56 time=10.2 ms
64 bytes from 8.8.8.8: icmp_seq=19962 ttl=56 time=9.93 ms
64 bytes from 8.8.8.8: icmp_seq=19963 ttl=56 time=10.4 ms
64 bytes from 8.8.8.8: icmp_seq=19964 ttl=56 time=10.0 ms
64 bytes from 8.8.8.8: icmp_seq=19965 ttl=56 time=9.82 ms
64 bytes from 8.8.8.8: icmp_seq=19966 ttl=56 time=9.70 ms
64 bytes from 8.8.8.8: icmp_seq=19967 ttl=56 time=10.3 ms
64 bytes from 8.8.8.8: icmp_seq=19968 ttl=56 time=10.3 ms
64 bytes from 8.8.8.8: icmp_seq=19969 ttl=56 time=10.3 ms
64 bytes from 8.8.8.8: icmp_seq=19970 ttl=56 time=10.8 ms
64 bytes from 8.8.8.8: icmp_seq=19971 ttl=56 time=10.0 ms
64 bytes from 8.8.8.8: icmp_seq=19972 ttl=56 time=9.71 ms
64 bytes from 8.8.8.8: icmp_seq=19973 ttl=56 time=10.3 ms
64 bytes from 8.8.8.8: icmp_seq=19974 ttl=56 time=9.80 ms
64 bytes from 8.8.8.8: icmp_seq=19975 ttl=56 time=10.1 ms
64 bytes from 8.8.8.8: icmp_seq=19976 ttl=56 time=9.87 ms
64 bytes from 8.8.8.8: icmp_seq=19977 ttl=56 time=9.66 ms
^C
--- 8.8.8.8 ping statistics ---
19977 packets transmitted, 28 received, +10046 errors, 99% packet loss, time 20006116ms
rtt min/avg/max/mdev = 9.663/10.139/11.223/0.397 ms
pi@pi1:~ $
From 172.16.2.1 icmp_seq=19927 Destination Host Unreachable
From 172.16.2.1 icmp_seq=19928 Destination Host Unreachable
From 172.16.2.1 icmp_seq=19934 Destination Host Unreachable
From 172.16.2.1 icmp_seq=19935 Destination Host Unreachable
From 172.16.2.1 icmp_seq=19941 Destination Host Unreachable
From 172.16.2.1 icmp_seq=19942 Destination Host Unreachable
64 bytes from 8.8.8.8: icmp_seq=19945 ttl=56 time=11.4 ms
64 bytes from 8.8.8.8: icmp_seq=19946 ttl=56 time=9.86 ms
64 bytes from 8.8.8.8: icmp_seq=19947 ttl=56 time=9.76 ms
64 bytes from 8.8.8.8: icmp_seq=19948 ttl=56 time=9.76 ms
64 bytes from 8.8.8.8: icmp_seq=19949 ttl=56 time=9.77 ms
64 bytes from 8.8.8.8: icmp_seq=19950 ttl=56 time=9.78 ms
64 bytes from 8.8.8.8: icmp_seq=19951 ttl=56 time=9.79 ms
64 bytes from 8.8.8.8: icmp_seq=19952 ttl=56 time=9.87 ms
64 bytes from 8.8.8.8: icmp_seq=19953 ttl=56 time=9.73 ms
64 bytes from 8.8.8.8: icmp_seq=19954 ttl=56 time=9.82 ms
64 bytes from 8.8.8.8: icmp_seq=19955 ttl=56 time=9.82 ms
64 bytes from 8.8.8.8: icmp_seq=19956 ttl=56 time=9.72 ms
64 bytes from 8.8.8.8: icmp_seq=19957 ttl=56 time=9.93 ms
64 bytes from 8.8.8.8: icmp_seq=19958 ttl=56 time=9.75 ms
64 bytes from 8.8.8.8: icmp_seq=19959 ttl=56 time=9.63 ms
64 bytes from 8.8.8.8: icmp_seq=19960 ttl=56 time=9.72 ms
64 bytes from 8.8.8.8: icmp_seq=19961 ttl=56 time=9.78 ms
64 bytes from 8.8.8.8: icmp_seq=19962 ttl=56 time=9.96 ms
64 bytes from 8.8.8.8: icmp_seq=19963 ttl=56 time=10.4 ms
64 bytes from 8.8.8.8: icmp_seq=19964 ttl=56 time=10.4 ms
64 bytes from 8.8.8.8: icmp_seq=19965 ttl=56 time=10.8 ms
64 bytes from 8.8.8.8: icmp_seq=19966 ttl=56 time=10.0 ms
64 bytes from 8.8.8.8: icmp_seq=19967 ttl=56 time=9.81 ms
64 bytes from 8.8.8.8: icmp_seq=19968 ttl=56 time=9.93 ms
64 bytes from 8.8.8.8: icmp_seq=19969 ttl=56 time=10.2 ms
64 bytes from 8.8.8.8: icmp_seq=19970 ttl=56 time=9.75 ms
64 bytes from 8.8.8.8: icmp_seq=19971 ttl=56 time=9.75 ms
64 bytes from 8.8.8.8: icmp_seq=19972 ttl=56 time=9.74 ms
64 bytes from 8.8.8.8: icmp_seq=19973 ttl=56 time=9.72 ms
64 bytes from 8.8.8.8: icmp_seq=19974 ttl=56 time=9.81 ms
64 bytes from 8.8.8.8: icmp_seq=19975 ttl=56 time=9.83 ms
64 bytes from 8.8.8.8: icmp_seq=19976 ttl=56 time=9.80 ms
^C
--- 8.8.8.8 ping statistics ---
19976 packets transmitted, 32 received, +9903 errors, 99% packet loss, time 20004590ms
rtt min/avg/max/mdev = 9.639/9.941/11.465/0.394 ms
pi@pi2:~ $

Ping to the outside world from pi3 fails because the NAT pool is exhausted: both pool addresses are already allocated to pi1 and pi2.

pi@pi3:~ $ ping 8.8.8.8 -c4
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 172.16.2.1 icmp_seq=1 Destination Host Unreachable
From 172.16.2.1 icmp_seq=2 Destination Host Unreachable
From 172.16.2.1 icmp_seq=3 Destination Host Unreachable
From 172.16.2.1 icmp_seq=4 Destination Host Unreachable

--- 8.8.8.8 ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 3004ms
R1#sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
--- 192.168.10.211     172.16.2.11        ---                ---
--- 192.168.10.212     172.16.2.12        ---                ---

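With an active NAT translation, the inside host can be reached over SSH from the outside. The dynamic entry maps the whole address, so inbound connections to the inside global address are forwarded to the inside host for as long as the entry exists.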

R1#sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.10.211:22  172.16.2.11:22     192.168.10.16:56922 192.168.10.16:56922
--- 192.168.10.211     172.16.2.11        ---                ---
--- 192.168.10.212     172.16.2.12        ---                ---

But how long does it take before an unused pool address is released?

R1#sh ip nat translations verbose
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.10.211:22  172.16.2.11:22     192.168.10.16:56922 192.168.10.16:56922
    create 00:04:04, use 00:03:41 timeout:86400000, left 23:56:18, Map-Id(In): 1,
    flags:
extended, use_count: 0, entry-id: 5, lc_entries: 0
--- 192.168.10.211     172.16.2.11        ---                ---
    create 00:08:12, use 00:04:04 timeout:86400000, left 23:55:55, Map-Id(In): 1,
    flags:
none, use_count: 1, entry-id: 1, lc_entries: 0
--- 192.168.10.212     172.16.2.12        ---                ---
    create 00:08:12, use 00:08:12 timeout:86400000, left 23:51:47, Map-Id(In): 1,
    flags:
none, use_count: 0, entry-id: 3, lc_entries: 0
R1#sh ip nat statistics
Total active translations: 3 (0 static, 3 dynamic; 1 extended)
Peak translations: 4, occurred 00:09:03 ago
Outside interfaces:
  FastEthernet0/1
Inside interfaces:
  FastEthernet0/0
Hits: 179  Misses: 0
CEF Translated packets: 179, CEF Punted packets: 39989
Expired translations: 2
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 pool PG1X-NAT-POOL refcount 3
 pool PG1X-NAT-POOL: netmask 255.255.255.248
        start 192.168.10.211 end 192.168.10.212
        type generic, total addresses 2, allocated 2 (100%), misses 88

Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
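
The address-only rows ("---") in the verbose output above are the entries that make an inside host reachable from outside, and their `left` value is how long that stays true. The following Python parser is an added example, not part of the original notes; its function names are made up, the sample is the verbose output shown above, and it assumes `timeout:` is in milliseconds (consistent with a 300-second timeout showing as 300000 later on this page).

```python
import re

# Sample input: the "sh ip nat translations verbose" output shown on this page.
SAMPLE_OUTPUT = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.10.211:22  172.16.2.11:22     192.168.10.16:56922 192.168.10.16:56922
    create 00:04:04, use 00:03:41 timeout:86400000, left 23:56:18, Map-Id(In): 1,
    flags:
extended, use_count: 0, entry-id: 5, lc_entries: 0
--- 192.168.10.211     172.16.2.11        ---                ---
    create 00:08:12, use 00:04:04 timeout:86400000, left 23:55:55, Map-Id(In): 1,
    flags:
none, use_count: 1, entry-id: 1, lc_entries: 0
--- 192.168.10.212     172.16.2.12        ---                ---
    create 00:08:12, use 00:08:12 timeout:86400000, left 23:51:47, Map-Id(In): 1,
    flags:
none, use_count: 0, entry-id: 3, lc_entries: 0
"""

FIELDS = ("proto", "inside_global", "inside_local", "outside_local", "outside_global")
ENTRY_RE = re.compile(r"^(---|tcp|udp|icmp)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")
# The detail line carries either "left HH:MM:SS" or "timing-out".
DETAIL_RE = re.compile(r"timeout:(\d+), (?:left (\d+):(\d+):(\d+)|timing-out)")


def parse_translations(output):
    """Parse verbose translation output into one dict per entry."""
    entries = []
    for line in output.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(dict(zip(FIELDS, m.groups()), timeout_s=None, left_s=None))
            continue
        d = DETAIL_RE.search(line)
        if d and entries:
            entry = entries[-1]
            entry["timeout_s"] = int(d.group(1)) // 1000  # assumed milliseconds
            if d.group(2) is not None:
                hours, minutes, seconds = map(int, d.group(2, 3, 4))
                entry["left_s"] = hours * 3600 + minutes * 60 + seconds
    return entries


def inbound_reachable(output):
    """List (inside local, inside global, timeout s, seconds left, outside peers)
    for every address-only entry, i.e. every inside host currently exposed."""
    entries = parse_translations(output)
    result = []
    for e in entries:
        if e["proto"] != "---":
            continue
        # Extended (per-session) entries that ride on this address mapping.
        peers = [x["outside_global"] for x in entries
                 if x["proto"] != "---"
                 and x["inside_global"].split(":")[0] == e["inside_global"]]
        result.append((e["inside_local"], e["inside_global"],
                       e["timeout_s"], e["left_s"], peers))
    return result


if __name__ == "__main__":
    for local, glob, timeout, left, peers in inbound_reachable(SAMPLE_OUTPUT):
        print(f"{local} reachable as {glob}: timeout {timeout}s, "
              f"left {left}s, peers {peers}")
```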

set timeout

R1#sh ip nat translations verbose
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.10.211:22  172.16.2.11:22     192.168.10.16:56922 192.168.10.16:56922
    create 02:13:08, use 00:13:03 timeout:86400000, left 23:46:56, Map-Id(In): 1,
    flags:
extended, use_count: 0, entry-id: 5, lc_entries: 0
--- 192.168.10.211     172.16.2.11        ---                ---
    create 02:17:17, use 02:13:08 timeout:86400000, left 21:46:51, Map-Id(In): 1,
    flags:
none, use_count: 1, entry-id: 1, lc_entries: 0
--- 192.168.10.212     172.16.2.12        ---                ---
    create 02:17:17, use 02:17:17 timeout:86400000, left 21:42:42, Map-Id(In): 1,
    flags:
none, use_count: 0, entry-id: 3, lc_entries: 0

clear nat translation table.

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#ip na
R1(config)#ip nat
R1(config)#ip nat trans
R1(config)#ip nat translation ti
R1(config)#ip nat translation timeout ?
  <0-536870>  Timeout in seconds
  never       Never timeout

R1(config)#ip nat translation timeout 300
R1(config)#^Z
R1#
*Apr  8 05:56:53.526: %SYS-5-CONFIG_I: Configured from console by console
R1#sh ip nat translations verbose
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.10.211:22  172.16.2.11:22     192.168.10.16:56922 192.168.10.16:56922
    create 02:15:56, use 00:15:51 timeout:86400000, left 23:44:08, Map-Id(In): 1,
    flags:
extended, use_count: 0, entry-id: 5, lc_entries: 0
--- 192.168.10.211     172.16.2.11        ---                ---
    create 02:20:05, use 02:15:56 timeout:86400000, left 21:44:03, Map-Id(In): 1,
    flags:
none, use_count: 1, entry-id: 1, lc_entries: 0
--- 192.168.10.212     172.16.2.12        ---                ---
    create 02:20:05, use 02:20:05 timeout:86400000, left 21:39:54, Map-Id(In): 1,
    flags:
none, use_count: 0, entry-id: 3, lc_entries: 0
R1#clear ip nat translation *
R1#sh ip nat trans
R1#sh ip nat trans ver
R1#sh ip nat trans ver
Pro Inside global      Inside local       Outside local      Outside global
icmp 192.168.10.212:4790 172.16.2.11:4790 8.8.8.8:4790       8.8.8.8:4790
    create 00:00:27, use 00:00:24 timeout:60000, left 00:00:35, Map-Id(In): 1,
    flags:
extended, use_count: 0, entry-id: 11, lc_entries: 0
--- 192.168.10.212     172.16.2.11        ---                ---
    create 00:00:27, use 00:00:27 timeout:300000, left 00:04:32, Map-Id(In): 1,
    flags:
none, use_count: 1, entry-id: 10, lc_entries: 0
tcp 192.168.10.211:22  172.16.2.12:22     192.168.10.16:56922 192.168.10.16:56922
    create 00:00:25, use 00:00:25 timeout:86400000, left 00:00:34, Map-Id(In): 1,
    flags:
extended, timing-out, use_count: 0, entry-id: 12, lc_entries: 0
icmp 192.168.10.211:5745 172.16.2.12:5745 8.8.8.8:5745       8.8.8.8:5745
    create 00:00:32, use 00:00:29 timeout:60000, left 00:00:30, Map-Id(In): 1,
    flags:
extended, use_count: 0, entry-id: 9, lc_entries: 0
--- 192.168.10.211     172.16.2.12        ---                ---
    create 00:00:32, use 00:00:25 timeout:300000, left 00:04:34, Map-Id(In): 1,
    flags:
Pro Inside global      Inside local       Outside local      Outside global
none, use_count: 2, entry-id: 8, lc_entries: 0
pi@pi1:~ $ ping 8.8.8.8 -c4
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=56 time=10.8 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=56 time=9.98 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=56 time=12.7 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=56 time=10.1 ms

--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 9.985/10.925/12.787/1.125 ms
pi@pi2:~ $ ping 8.8.8.8 -c4
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=56 time=10.6 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=56 time=10.4 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=56 time=12.8 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=56 time=10.3 ms

--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 10.301/11.080/12.896/1.060 ms
From 172.16.2.1 icmp_seq=254 Destination Host Unreachable
From 172.16.2.1 icmp_seq=255 Destination Host Unreachable
From 172.16.2.1 icmp_seq=256 Destination Host Unreachable
From 172.16.2.1 icmp_seq=257 Destination Host Unreachable
From 172.16.2.1 icmp_seq=258 Destination Host Unreachable
From 172.16.2.1 icmp_seq=259 Destination Host Unreachable
From 172.16.2.1 icmp_seq=260 Destination Host Unreachable
From 172.16.2.1 icmp_seq=261 Destination Host Unreachable
From 172.16.2.1 icmp_seq=262 Destination Host Unreachable
From 172.16.2.1 icmp_seq=263 Destination Host Unreachable
^C
--- 8.8.8.8 ping statistics ---
263 packets transmitted, 0 received, +263 errors, 100% packet loss, time 262474ms

pi@pi3:~ $
R1#sh ip nat trans ver
Pro Inside global      Inside local       Outside local      Outside global
--- 192.168.10.212     172.16.2.11        ---                ---
    create 00:02:18, use 00:02:18 timeout:300000, left 00:02:41, Map-Id(In): 1,
    flags:
none, use_count: 0, entry-id: 10, lc_entries: 0
tcp 192.168.10.211:22  172.16.2.12:22     192.168.10.16:58210 192.168.10.16:58210
    create 00:01:45, use 00:01:10 timeout:86400000, left 23:58:49, Map-Id(In): 1,
    flags:
extended, use_count: 0, entry-id: 13, lc_entries: 0
--- 192.168.10.211     172.16.2.12        ---                ---
    create 00:02:23, use 00:01:45 timeout:300000, left 00:03:14, Map-Id(In): 1,
    flags:
none, use_count: 1, entry-id: 8, lc_entries: 0
R1#sh ip nat trans
Pro Inside global      Inside local       Outside local      Outside global
--- 192.168.10.212     172.16.2.11        ---                ---
tcp 192.168.10.211:22  172.16.2.12:22     192.168.10.16:58210 192.168.10.16:58210
--- 192.168.10.211     172.16.2.12        ---                ---
R1#sh ip nat trans ver
Pro Inside global      Inside local       Outside local      Outside global
--- 192.168.10.212     172.16.2.11        ---                ---
    create 00:04:40, use 00:04:40 timeout:300000, left 00:00:19, Map-Id(In): 1,
    flags:
none, use_count: 0, entry-id: 10, lc_entries: 0
tcp 192.168.10.211:22  172.16.2.12:22     192.168.10.16:58210 192.168.10.16:58210
    create 00:04:07, use 00:03:32 timeout:86400000, left 23:56:27, Map-Id(In): 1,
    flags:
extended, use_count: 0, entry-id: 13, lc_entries: 0
--- 192.168.10.211     172.16.2.12        ---                ---
    create 00:04:45, use 00:04:07 timeout:300000, left 00:00:52, Map-Id(In): 1,
    flags:
none, use_count: 1, entry-id: 8, lc_entries: 0
R1#sh ip nat trans
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.10.211:22  172.16.2.12:22     192.168.10.16:58210 192.168.10.16:58210
--- 192.168.10.211     172.16.2.12        ---                ---
R1#sh ip nat trans ver
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.10.211:22  172.16.2.12:22     192.168.10.16:58210 192.168.10.16:58210
    create 00:05:08, use 00:04:33 timeout:86400000, left 23:55:26, Map-Id(In): 1,
    flags:
extended, use_count: 0, entry-id: 13, lc_entries: 0
--- 192.168.10.211     172.16.2.12        ---                ---
    create 00:05:46, use 00:05:08 timeout:300000, timing-out, Map-Id(In): 1,
    flags:
none, use_count: 1, entry-id: 8, lc_entries: 0
pi@pi1:~ $ ping 8.8.8.8 -c4
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 172.16.2.1 icmp_seq=1 Destination Host Unreachable
From 172.16.2.1 icmp_seq=2 Destination Host Unreachable
From 172.16.2.1 icmp_seq=3 Destination Host Unreachable
From 172.16.2.1 icmp_seq=4 Destination Host Unreachable

--- 8.8.8.8 ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 3004ms
pi@pi3:~ $ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=56 time=10.6 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=56 time=10.1 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=56 time=10.2 ms
^[[A64 bytes from 8.8.8.8: icmp_seq=4 ttl=56 time=15.7 ms
64 bytes from 8.8.8.8: icmp_seq=5 ttl=56 time=9.83 ms
64 bytes from 8.8.8.8: icmp_seq=6 ttl=56 time=10.2 ms
64 bytes from 8.8.8.8: icmp_seq=7 ttl=56 time=9.82 ms
64 bytes from 8.8.8.8: icmp_seq=8 ttl=56 time=10.2 ms
64 bytes from 8.8.8.8: icmp_seq=9 ttl=56 time=10.1 ms
64 bytes from 8.8.8.8: icmp_seq=10 ttl=56 time=10.2 ms
64 bytes from 8.8.8.8: icmp_seq=11 ttl=56 time=10.6 ms
64 bytes from 8.8.8.8: icmp_seq=12 ttl=56 time=9.87 ms
64 bytes from 8.8.8.8: icmp_seq=13 ttl=56 time=10.0 ms
^C
--- 8.8.8.8 ping statistics ---
13 packets transmitted, 13 received, 0% packet loss, time 12016ms
rtt min/avg/max/mdev = 9.828/10.608/15.725/1.505 ms
R1#sh ip nat trans
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.10.211:22  172.16.2.12:22     192.168.10.16:58210 192.168.10.16:58210
--- 192.168.10.211     172.16.2.12        ---                ---
icmp 192.168.10.212:4775 172.16.2.13:4775 8.8.8.8:4775       8.8.8.8:4775
--- 192.168.10.212     172.16.2.13        ---                ---
R1#sh ip nat trans ver
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.10.211:22  172.16.2.12:22     192.168.10.16:58210 192.168.10.16:58210
    create 00:06:27, use 00:00:53 timeout:86400000, left 23:59:06, Map-Id(In): 1,
    flags:
extended, use_count: 0, entry-id: 13, lc_entries: 0
--- 192.168.10.211     172.16.2.12        ---                ---
    create 00:07:06, use 00:06:27 timeout:300000, timing-out, Map-Id(In): 1,
    flags:
none, use_count: 1, entry-id: 8, lc_entries: 0
icmp 192.168.10.212:4775 172.16.2.13:4775 8.8.8.8:4775       8.8.8.8:4775
    create 00:00:50, use 00:00:38 timeout:60000, left 00:00:21, Map-Id(In): 1,
    flags:
extended, use_count: 0, entry-id: 15, lc_entries: 0
--- 192.168.10.212     172.16.2.13        ---                ---
    create 00:00:50, use 00:00:50 timeout:300000, left 00:04:09, Map-Id(In): 1,
    flags:
none, use_count: 1, entry-id: 14, lc_entries: 0

works fine. good.

close all sessions. wait a moment.

R1#sh ip nat trans ver
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.10.211:22  172.16.2.12:22     192.168.10.16:58210 192.168.10.16:58210
    create 00:09:38, use 00:04:04 timeout:86400000, left 23:55:55, Map-Id(In): 1,
    flags:
extended, use_count: 0, entry-id: 13, lc_entries: 0
--- 192.168.10.211     172.16.2.12        ---                ---
    create 00:10:16, use 00:09:38 timeout:300000, timing-out, Map-Id(In): 1,
    flags:
none, use_count: 1, entry-id: 8, lc_entries: 0
--- 192.168.10.212     172.16.2.13        ---                ---
    create 00:04:01, use 00:04:01 timeout:300000, left 00:00:58, Map-Id(In): 1,
    flags:
none, use_count: 0, entry-id: 14, lc_entries: 0
R1#sh ip nat trans
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.10.211:22  172.16.2.12:22     192.168.10.16:58210 192.168.10.16:58210
--- 192.168.10.211     172.16.2.12        ---                ---
--- 192.168.10.212     172.16.2.13        ---                ---
R1#sh ip nat trans
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.10.211:22  172.16.2.12:22     192.168.10.16:58210 192.168.10.16:58210
--- 192.168.10.211     172.16.2.12        ---                ---
--- 192.168.10.212     172.16.2.13        ---                ---
R1#sh ip nat trans
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.10.211:22  172.16.2.12:22     192.168.10.16:58210 192.168.10.16:58210
--- 192.168.10.211     172.16.2.12        ---                ---
--- 192.168.10.212     172.16.2.13        ---                ---
R1#sh ip nat trans ver
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.10.211:22  172.16.2.12:22     192.168.10.16:58210 192.168.10.16:58210
    create 00:10:25, use 00:00:34 timeout:86400000, left 00:00:25, Map-Id(In): 1,
    flags:
extended, timing-out, use_count: 0, entry-id: 13, lc_entries: 0
--- 192.168.10.211     172.16.2.12        ---                ---
    create 00:11:04, use 00:10:25 timeout:300000, timing-out, Map-Id(In): 1,
    flags:
none, use_count: 1, entry-id: 8, lc_entries: 0
--- 192.168.10.212     172.16.2.13        ---                ---
    create 00:04:48, use 00:04:48 timeout:300000, left 00:00:11, Map-Id(In): 1,
    flags:
none, use_count: 0, entry-id: 14, lc_entries: 0
R1#sh ip nat trans
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.10.211:22  172.16.2.12:22     192.168.10.16:58210 192.168.10.16:58210
--- 192.168.10.211     172.16.2.12        ---                ---
--- 192.168.10.212     172.16.2.13        ---                ---
R1#sh ip nat trans ver
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.10.211:22  172.16.2.12:22     192.168.10.16:58210 192.168.10.16:58210
    create 00:10:33, use 00:00:42 timeout:86400000, left 00:00:17, Map-Id(In): 1,
    flags:
extended, timing-out, use_count: 0, entry-id: 13, lc_entries: 0
--- 192.168.10.211     172.16.2.12        ---                ---
    create 00:11:12, use 00:10:33 timeout:300000, timing-out, Map-Id(In): 1,
    flags:
none, use_count: 1, entry-id: 8, lc_entries: 0
--- 192.168.10.212     172.16.2.13        ---                ---
    create 00:04:56, use 00:04:56 timeout:300000, left 00:00:03, Map-Id(In): 1,
    flags:
none, use_count: 0, entry-id: 14, lc_entries: 0
R1#sh ip nat trans
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.10.211:22  172.16.2.12:22     192.168.10.16:58210 192.168.10.16:58210
--- 192.168.10.211     172.16.2.12        ---                ---
--- 192.168.10.212     172.16.2.13        ---                ---
R1#sh ip nat trans
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.10.211:22  172.16.2.12:22     192.168.10.16:58210 192.168.10.16:58210
--- 192.168.10.211     172.16.2.12        ---                ---
R1#sh ip nat trans
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.10.211:22  172.16.2.12:22     192.168.10.16:58210 192.168.10.16:58210
--- 192.168.10.211     172.16.2.12        ---                ---
R1#sh ip nat trans
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.10.211:22  172.16.2.12:22     192.168.10.16:58210 192.168.10.16:58210
--- 192.168.10.211     172.16.2.12        ---                ---
R1#sh ip nat trans
R1#sh ip nat trans
R1#sh ip nat trans ver
R1#

awesome.
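
The three failures hit in this lab (NAT direction on the wrong interface, pool name mismatch, pool smaller than the set of permitted hosts) and the netmask sanity check can all be caught by linting the config text before it goes on the router. The Python below is an added example, not part of the original notes: the function name, finding codes and sample config are constructed, it assumes the sanity check means both pool ends must fall inside the subnet implied by the netmask, and it handles only numbered standard ACLs.

```python
import ipaddress
import re

# Constructed sample: the lab's config at the "pool name mismatch" stage.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 172.16.2.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1
 ip address 192.168.10.210 255.255.255.0
 ip nat outside
!
ip nat pool PG1X 192.168.10.211 192.168.10.212 netmask 255.255.255.248
ip nat inside source list 1 pool PG1X-NAT-POOL
access-list 1 permit 172.16.2.11
access-list 1 permit 172.16.2.12
access-list 1 permit 172.16.2.13
"""

IP = r"\d+\.\d+\.\d+\.\d+"
POOL_RE = re.compile(rf"^ip nat pool (\S+) ({IP}) ({IP}) (?:netmask|prefix-length) (\S+)$")
MAP_RE = re.compile(r"^ip nat inside source list (\S+) pool (\S+)( overload)?$")
ACL_RE = re.compile(rf"^access-list (\d+) permit (?:host )?({IP})(?: ({IP}))?$")


def lint_dynamic_nat(config):
    """Return a list of (code, message) findings for a dynamic NAT config."""
    pools, mappings, acl_sizes = {}, [], {}
    nat_ifaces = {"inside": [], "outside": []}
    iface = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # top-level line: enter or leave interface mode
            iface = line.split(None, 1)[1] if line.startswith("interface ") else None
        if iface and line in ("ip nat inside", "ip nat outside"):
            nat_ifaces[line.split()[-1]].append(iface)
        elif m := POOL_RE.match(line):
            name, start, end, mask = m.groups()
            pools[name] = (ipaddress.ip_address(start), ipaddress.ip_address(end),
                           ipaddress.ip_network(f"{start}/{mask}", strict=False))
        elif m := MAP_RE.match(line):
            mappings.append(m.groups())
        elif m := ACL_RE.match(line):
            acl, _addr, wildcard = m.groups()
            # Each wildcard bit doubles the number of matching source addresses.
            bits = bin(int(ipaddress.ip_address(wildcard))).count("1") if wildcard else 0
            acl_sizes[acl] = acl_sizes.get(acl, 0) + 2 ** bits

    findings = []
    for side in ("inside", "outside"):
        if not nat_ifaces[side]:
            findings.append((f"no-{side}-interface",
                             f"no interface is marked 'ip nat {side}'"))
    for name, (start, end, net) in pools.items():
        if start > end or end not in net:
            findings.append(("pool-outside-netmask",
                             f"pool {name}: {start}-{end} does not fit inside {net}"))
    for acl, pool, overload in mappings:
        if pool not in pools:
            findings.append(("undefined-pool",
                             f"list {acl} maps to pool {pool}, which is not defined"))
            continue
        start, end, _net = pools[pool]
        size = int(end) - int(start) + 1
        hosts = acl_sizes.get(acl, 0)
        if not overload and hosts > size:  # without overload: one address per host
            findings.append(("pool-smaller-than-acl",
                             f"list {acl} permits {hosts} hosts, pool {pool} has {size}"))
    return findings


if __name__ == "__main__":
    for code, message in lint_dynamic_nat(SAMPLE_CONFIG):
        print(f"{code}: {message}")
```

Renaming the pool to PG1X-NAT-POOL clears the first finding and surfaces the next one: three permitted hosts against a two-address pool, which is the pi3 failure seen above.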

tech/network/cisco/dynamic-nat/dynamic-nat.txt · Last modified: 2018/04/08 18:48 by wnoguchi