
Monday, January 1, 2018

An Effect of Static NAT Misconfiguration

This post is about a weird result I encountered while troubleshooting NAT-related issues.

The configuration is as follows:

R1(config)#int e0/0
R1(config-if)#ip nat outside
R1(config)#int e0/1
R1(config-if)#ip nat inside

R1(config)#ip nat inside source static 192.168.1.11 203.115.41.111
R1(config)#ip nat inside source static 192.168.1.12 203.115.41.112

R2(config)#int e0/0
R2(config-if)#ip nat outside
R2(config)#int e0/1
R2(config-if)#ip nat inside

R2(config)#ip nat inside source static 192.168.2.11 203.115.41.221
R2(config)#ip nat inside source static 192.168.2.12 203.115.41.222


Now everything works fine. Pings from PC-1 to the public IP of Server-1 (203.115.41.221) succeed.


The thing to note here is the TTL value, which is 253. Assuming an initial TTL of 255, the reply has been decremented twice, once by R2 and once by R1, so the server is two router hops away.




Now let's power down Server-1 and start a ping from PC-1.


As expected, the ping fails.





But what if the ip nat outside command is not issued on e0/0 of R2?

Now the public IP is reachable again. Notice that the TTL value is 254 this time, which means a hop count of 1.
In other words, R2 is answering on behalf of the internal servers even though they are not reachable.


Traffic never reaches the servers, and no translation takes place. R2 replies for the servers' public IPs because of the NAT misconfiguration: a static translation makes the router claim (alias) the global address on the connected interface so that it answers ARP for it, and with no ip nat outside on e0/0 nothing ever translates the packet, so R2 processes an ICMP echo to 203.115.41.221 as if it were addressed to itself. The practical danger is that monitoring based on ping will report the servers as up while they are down, or while the NAT rule is silently not translating at all.
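The mistake is easy to spot from the TTL once you know what to look for, but it is easier still to catch before deployment. The following Python script is an added example, not part of the original post: it parses an IOS-style configuration, finds every ip nat inside source static entry, and flags a global address that falls inside a directly connected subnet whose interface carries no ip nat outside. The sample configuration is constructed from R2 in the post; the interface IP addresses (203.115.41.2 and 192.168.2.1) are assumptions, since the post does not show them.

```python
import ipaddress
import re

# Constructed sample config modelled on R2 from the post. Only the NAT lines
# are taken from the page; the interface addresses are assumptions.
R2_CONFIG = """\
interface Ethernet0/0
 ip address 203.115.41.2 255.255.255.0
!
interface Ethernet0/1
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
!
ip nat inside source static 192.168.2.11 203.115.41.221
ip nat inside source static 192.168.2.12 203.115.41.222
"""

# Same config with the missing 'ip nat outside' restored on e0/0.
R2_CONFIG_FIXED = R2_CONFIG.replace(
    " ip address 203.115.41.2 255.255.255.0\n",
    " ip address 203.115.41.2 255.255.255.0\n ip nat outside\n",
)


def parse_interfaces(config):
    """Map interface name -> {"networks": [IPv4Network, ...], "nat": "inside"|"outside"|None}."""
    interfaces = {}
    current = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.startswith(" "):
            # Top-level line: either a new interface stanza or the end of one.
            current = None
            m = re.match(r"interface\s+(\S+)", line)
            if m:
                current = m.group(1)
                interfaces[current] = {"networks": [], "nat": None}
            continue
        if current is None:
            continue
        stripped = line.strip()
        m = re.match(r"ip address (\S+) (\S+)", stripped)
        if m:  # also matches secondary addresses; 'no ip address' does not match
            iface = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
            interfaces[current]["networks"].append(iface.network)
            continue
        m = re.match(r"ip nat (inside|outside)\b", stripped)
        if m:
            interfaces[current]["nat"] = m.group(1)
    return interfaces


def parse_static_nat(config):
    """Return the static inside-source translations as dicts."""
    entries = []
    for raw in config.splitlines():
        m = re.match(r"ip nat inside source static (\S+) (\S+)(.*)", raw.strip())
        if m:
            entries.append({
                "local": m.group(1),
                "global": m.group(2),
                "no_alias": "no-alias" in m.group(3),
            })
    return entries


def lint_static_nat(config):
    """Flag global addresses that live on a connected subnet whose interface
    is not 'ip nat outside'. The router aliases such an address but never
    translates traffic to it, so it answers for the server itself."""
    findings = []
    interfaces = parse_interfaces(config)
    for entry in parse_static_nat(config):
        global_ip = ipaddress.ip_address(entry["global"])
        for name, info in interfaces.items():
            for net in info["networks"]:
                if global_ip in net and info["nat"] != "outside":
                    note = " (no-alias set, so nothing will answer ARP for it)" if entry["no_alias"] else ""
                    findings.append(
                        f"{entry['global']} (for {entry['local']}) is on {name} {net} "
                        f"but {name} has no 'ip nat outside'{note}"
                    )
    return findings


if __name__ == "__main__":
    for label, cfg in (("broken", R2_CONFIG), ("fixed", R2_CONFIG_FIXED)):
        print(f"{label}: {lint_static_nat(cfg) or ['ok']}")
```

On the live box the same condition can be confirmed with show ip nat statistics (the hit counters for the static entries stay at zero while the pings succeed) and show ip aliases, which lists the global addresses the router has taken ownership of.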

Note:

This also happens with domainless (NVI-based) NAT.

1 comment:

  1. It's actually a nice and helpful piece of information. I'm satisfied that you just shared this useful info with us. Please keep us informed like this. Thanks for sharing.

    My website: Aura Muslim Distro