NAT problem

Imagine this scenario:

router2|e0<---->e0| router1 |s0<---->s0|router3...
160.10.1.2<---->160.10.1.1|175.10.1.1<---->175.10.1.2

All three routers running eigrp configured properly(take this as fact)
with no default or static routes configured.

router1 NAT config:
router1(config)# ip nat inside source static 160.10.1.2 169.10.1.2

router1(config)# interface ethernet0
router1(config-if)# ip address 160.10.1.1 255.255.255.0
router1(config-if)# ip nat inside
router1(config-if)# no shut

router1(config-if)# interface serial0
router1(config-if)# ip address 175.10.1.1 255.255.255.0
router1(config-if)# ip nat outside
router1(config-if)# no shut

Problem: Successfull ping of router3 from router2 (in Boson NetSim6.0)

When I ping router3 from router2, ip addresses in packet leaving router1's serial interface would be source.add:169.10.1.2 dest.add:175.10.1.2. Now I can imagine that icmp echo request would arrive, but how it possible that router2 would receive echo reply? there is no such network 169.10.0.0 in network topology or in router3's routing table(neither default route), so I cant get how can router3 route his reply to route2. More interesting fact is that i can ping rest of network after router3.
Is this some bug in boson, or I'm missing something?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

Danman32

I was wondering how you got away with using a third subnet myself.

Route caching maybe? Or perhaps even ARP caching. No, it can't be ARP caching, it can't be sure the source IP in the packet is assigned to the source MAC address in the frame.

pr3d4t0r

I think that ip nat inside source static 160.10.1.2 169.10.1.2 does all the work.

This is like an ip-map i think. And it works backwards. 160.10.1.2 <-> 169.10.1.2. A packet destined to 169.10.1.2 will be forward to 160.10.1.2 because of this command.

Did u add network 169.10.1.0 to eigrp ? if yes this is how u have communication. If not see debug EIGRP result to see if EIGRP maps 169.10.1.0

Danman32

Ah yes, I forgot you had EIGRP. That's how router 3 learned about the network. View its routing table, I bet you'll see an entry for 169.10 that it learned from router 1.

marlon23

There is no such route on any router. Anyway I think is impossible that router would learned that through eigrp becouse :
- no router has this subned directly connected, so no router advertise this route in updates.
I can somehow imagine that router 1(NAT one) would advertise this subnet becouse it is in his NAT translation table, but...

I'm considering an option that it is just a bug..

marlon23

OK, I think that translations configuration is "invalid" (using non attached subnet as inside global IP address) but it can work, if I'll configure secondary ip adress on router1's serial0 interface(from subnet 169.10.0.0...). This should be correct, without that secondary IP configured it is invalit.

Correct?

EdTheLad

marlon23 wrote:

Imagine this scenario:

router2|e0<---->e0| router1 |s0<---->s0|router3...
160.10.1.2<---->160.10.1.1|175.10.1.1<---->175.10.1.2

All three routers running eigrp configured properly(take this as fact)
with no default or static routes configured.

router1 NAT config:
router1(config)# ip nat inside source static 160.10.1.2 169.10.1.2

router1(config)# interface ethernet0
router1(config-if)# ip address 160.10.1.1 255.255.255.0
router1(config-if)# ip nat inside
router1(config-if)# no shut

router1(config-if)# interface serial0
router1(config-if)# ip address 175.10.1.1 255.255.255.0
router1(config-if)# ip nat outside
router1(config-if)# no shut

Problem: Successfull ping of router3 from router2 (in Boson NetSim6.0)

When I ping router3 from router2, ip addresses in packet leaving router1's serial interface would be source.add:169.10.1.2 dest.add:175.10.1.2. Now I can imagine that icmp echo request would arrive, but how it possible that router2 would receive echo reply? there is no such network 169.10.0.0 in network topology or in router3's routing table(neither default route), so I cant get how can router3 route his reply to route2. More interesting fact is that i can ping rest of network after router3.
Is this some bug in boson, or I'm missing something?

I see nothing wrong with your config, i would say the problem is boston.
To check the addresses are being translated correctly you should enable debuging on router 1.
access-list 101 deny eigrp any any
access-list 101 permit ip any any
debug ip packet 101

Also, to see more outputs from your ping, on interfaces e0 and s0 on router 1 use command " no ip route-cache"

Now you should be able to see what translation router1 is doing.Im sure its not doing any and its a boston issue!

Danman32

He established that the translations are occuring, what he can't figure out is how router 3 knows where to send the echo reply packet, since the destination IP is on an unknown network.

I just thought of something though. Is there a route of last resort configured or implied on router 3?

EdTheLad

Danman32 wrote:

He established that the translations are occuring, what he can't figure out is how router 3 knows where to send the echo reply packet, since the destination IP is on an unknown network.

I just thought of something though. Is there a route of last resort configured or implied on router 3?

He specified in his original post there are no default or static routes.If he see's the translations occuring and no route in the routing table, problem solved boston is screwed!

Ching01

I tried this before in Boson beta netsim 6 and it is not transalting my ip so I decided to test it in real routers and use ethereal to find it translate my ip.

So it works I doubt that still some bugzzz on boson.

Danman32

We know it translates, the question is, how does it route back the echo reply?