nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Tons of NAT translations??

mzinz

One of my production routers has an interface connected straight to our internet provider. This is (should be) only used for inbound VPN connections.

All internet traffic is routed out a local interface through our firewall.

NAT is currently enabled, but nothing should really ever be NAT'd, since no traffic goes straight out the internet interface... I thought.

I checked my nat translations today, and there are hundreds, if not thousands, from a single internal address to a single external address.

Oddly enough, the external address has a private IP (192.168.X.X)... The internal address isn't on any subnet I have seen on my network, ever. I'm baffled.

I started doing NetFlow so I could monitor the traffic on the interface, and I can't seem to find EITHER of these IP's. What am I missing here???

Any suggestions would be greatly appreciated.

Find more posts tagged with

SAVE $250 on Your CISCO Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CISCO Boot Camps

Comments

notgoing2fail

Wow, sounds interesting, keep us posted. Of course, someone more experienced is going to ask you to provide your config....

chmorin

If this isn't a production network, disable NAT and see what happens.

Agent6376

mzinz wrote: »

One of my production routers

I couldn't resist.

tim100

Post your NAT configuration and interface configuration as well as a "sh ip nat translations".

rwwest7

Could that be the people who are VPN'd in browsing the web?

ColbyG

post the output