Cisco Systems why multiple NAT/PAT session mapping

Subject Author Date
why multiple NAT/PAT session mapping JJ 06-13-05
Posted by JJ on June 13, 2005, 5:01 am
Dear all gurus:

Under what conditions will PAT have more session mappings?

In theory, if the client site always uses the same IP and port number,
going to the same destination IP and port, there should be one PAT mapping,
right?


lab>sho ip nat tran | inc 10.20.2.197
udp 202.xxx.yyy.34:1024 10.20.2.197:5060 210.xx.yy.zz:5060 210.xx.yy.zz:5060
udp 202.xxx.yyy.34:1058 10.20.2.197:5060 210.xx.yy.zz:5060 210.xx.yy.zz:5060

client 10.20.2.197, port 5060 unchanged
destination 210.xx.yy.zz, port 5060 unchanged


ps: the NAT device is Cisco Router IOS NAT
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3620-IK9O3S6-M), Version 12.3(5a), RELEASE SOFTWARE (fc1)

Thanks for telling me any ideas


Posted by Carl on June 13, 2005, 7:11 am
JJ wrote:
> Dear All Guru :
>
> Under what conditions , the PAT will have more session mapping ?
>
> In theory , if the client site always using the same ip and port no,
> go to the same destination ip , port ; there should be one PAT mapping
> , right ?
>
>
> lab>sho ip nat tran | inc 10.20.2.197
> udp 202.xxx.yyy.34:1024 10.20.2.197:5060 210.xx.yy.zz:5060 210.xx.yy.zz:5060
> udp 202.xxx.yyy.34:1058 10.20.2.197:5060 210.xx.yy.zz:5060 210.xx.yy.zz:5060
>
> client 10.20.2.197 , port 5060 unchanged
> destination 210.xx.yy.zz , port 5060 unchanged
>
>
> ps: the NAT device is Cisco Router IOS NAT
> Cisco Internetwork Operating System Software
> IOS (tm) 3600 Software (C3620-IK9O3S6-M), Version 12.3(5a), RELEASE SOFTWARE (fc1)
>
> Thanks for telling me any ideas
>

It's interesting you ask this because I do not see the point in doing
PAT in the situation as above. I have seen issues with this when using
SIP and CBAC (ip inspect) with a Cisco 837 in that SIP responses from
the proxy server (to the PAT port) are denied. To overcome this I
needed to put a static translation for port 5060 client/server. Anyone
else seen this?

Carl

Posted by Hansang Bae on June 15, 2005, 8:37 pm
JJ wrote:
> Under what conditions , the PAT will have more session mapping ?
> In theory , if the client site always using the same ip and port no,
> go to the same destination ip , port ; there should be one PAT mapping
> , right ?

Assuming the SOURCE port is not ephemeral, then yes. In your example
below, the source ports are different.
>
>
> lab>sho ip nat tran | inc 10.20.2.197
> udp 202.xxx.yyy.34:1024 10.20.2.197:5060 210.xx.yy.zz:5060 210.xx.yy.zz:5060
> udp 202.xxx.yyy.34:1058 10.20.2.197:5060 210.xx.yy.zz:5060 210.xx.yy.zz:5060
>
> client 10.20.2.197 , port 5060 unchanged
> destination 210.xx.yy.zz , port 5060 unchanged
>
>
> ps: the NAT device is Cisco Router IOS NAT
> Cisco Internetwork Operating System Software
> IOS (tm) 3600 Software (C3620-IK9O3S6-M), Version 12.3(5a), RELEASE SOFTWARE (fc1)
>
> Thanks for telling me any ideas



--

hsb


"Somehow I imagined this experience would be more rewarding" Calvin
**************************ROT13 MY ADDRESS*************************
Due to the volume of email that I receive, I may not be able to
reply to emails sent to my account. Please post a followup instead.
********************************************************************
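
To audit a translation table for the situation discussed in this thread (one inside local socket holding several PAT entries toward the same destination), the following is an added example, not code from any poster. It parses text in the shape of `show ip nat translations` output, including entries wrapped across two lines as in the post; the sample table, its documentation-range public addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of `show ip nat translations` output
# (Pro, Inside global, Inside local, Outside local, Outside global).
# Public addresses are documentation ranges, not the poster's; the second
# udp entry is wrapped across two lines the way the output in the post was.
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
udp 192.0.2.34:1024    10.20.2.197:5060   203.0.113.10:5060  203.0.113.10:5060
udp 192.0.2.34:1058    10.20.2.197:5060   203.0.113.10:5060
203.0.113.10:5060
udp 192.0.2.34:5061    10.20.2.198:5061   203.0.113.10:5060  203.0.113.10:5060
tcp 192.0.2.34:40000   10.20.2.50:40000   198.51.100.7:443   198.51.100.7:443
"""

SOCKET = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}:\d+$")
PROTOS = {"tcp", "udp"}

def parse_translations(text):
    """Yield (proto, inside_global, inside_local, outside_local, outside_global)."""
    # Splitting on any whitespace makes line-wrapped entries parse like unwrapped
    # ones; header words and entries without four ip:port fields are skipped.
    tokens = text.split()
    i = 0
    while i < len(tokens):
        fields = tokens[i + 1:i + 5]
        if tokens[i] in PROTOS and len(fields) == 4 and all(SOCKET.match(f) for f in fields):
            yield (tokens[i], *fields)
            i += 5
        else:
            i += 1

def duplicate_mappings(text):
    """Return {(proto, inside_local, outside_global): [global ports]} where more than one port exists."""
    flows = defaultdict(set)
    for proto, in_global, in_local, _out_local, out_global in parse_translations(text):
        flows[(proto, in_local, out_global)].add(int(in_global.rsplit(":", 1)[1]))
    return {key: sorted(ports) for key, ports in flows.items() if len(ports) > 1}

if __name__ == "__main__":
    for (proto, in_local, out_global), ports in duplicate_mappings(SAMPLE).items():
        print(f"{proto} {in_local} -> {out_global}: {len(ports)} PAT mappings, global ports {ports}")
```
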
