why mutiple NAT/PAT session mapping

- J
- JJ
  
  Contact options for registered users
posted
18 years ago

Mon, Jun 13, 2005 9:01 AM

Dear All Guru :

Under what conditions , the PAT will have more session mapping ?

In theory , if the client site always using the same ip and port no, go to the same destination ip , port ; there should be one PAT mapping , right ?

lab>sho ip nat tran | inc 10.20.2.197 udp 202.xxx.yyy.34:1024 10.20.2.197:5060 210.xx.yy.zz:5060

210.xx.yy.zz:5060 udp 202.xxx.yyy.34:1058 10.20.2.197:5060 210.xx.yy.zz:5060 210.xx.yy.zz:5060

client 10.20.2.197 , port 5060 unchanged destination 210.xx.yy.zz , port 5060 unchanged

ps: the NAT device is Cisco Router IOS NAT Cisco Internetwork Operating System Software IOS (tm) 3600 Software (C3620-IK9O3S6-M), Version 12.3(5a), RELEASE SOFTWARE (fc1)

Thanks for telling me any ideas

- C
- Carl
  
  Contact options for registered users
Vote on answer
posted
18 years ago

Mon, Jun 13, 2005 11:11 AM

it's interesting you ask this because I do not see the point in doing PAT in the situation as above. I have seen issues with this when using SIP and CBAC (ip inspect) with a Cisco 837 in that SIP responses from the proxy server (to the PAT port) are denied. To overcome this I needed to put a static translation for port 5060 client/server. Anyone else seen this ??

Carl

- H
- Hansang Bae
  
  Contact options for registered users
Vote on answer
posted
18 years ago

Thu, Jun 16, 2005 12:37 AM

Assuming the SOURCE port is not ephemeral, then yes. In your example below, the source ports are different.