Troubleshooting NAT

To view NAT operation, use the debug ip nat [list | detailed] command, which displays a line of output for each packet that is translated. Example D-7 shows sample output using the debug ip nat command.

Example D-7 Tracing NAT Operations with debug ip nat

router#debug ip

nat

NAT:

s=10.1.1

1

->172

16

2.2, d=172.30

2.132

[6825]

NAT:

s=172.30

2

.132,

d=172.16.2.2

>10.1

1

1

[21852]

NAT:

s=10.1.1

1

->172

16

2.2, d=172.30

1.161

[6826]

NAT*

s=172.30

1

.161,

d=172.16.2.2

>10.1

1

1

[23311]

NAT*

s=10.1.1

1

->172

16

2.2, d=172.30

1.161

[6827]

NAT*

s=10.1.1

1

->172

16

2.2, d=172.30

1.161

[6828]

NAT*

s=172.30

1

.161,

d=172.16.2.2

>10.1

1

1

[23313]

NAT*

s=172.30

1

.161,

d=172.16.2.2

>10.1

1

1

[23325]

As an example of the meaning of the output in Example D-7, consider the fourth line of output:

■ The asterisk next to NAT indicates that the translation is occurring in the fast path. The first packet in a conversation always goes through the slow path (that is, it is process-switched). The remaining packets go through the fast path if a cache entry exists.

■ d=172.16.2.2 is the destination address.

■ 172.16.2.2->10.1.1.1 indicates that the address was translated.

■ The value in brackets is the IP identification number. It might be useful for troubleshooting because it correlates with other packet traces, such as from protocol analyzers.

Was this article helpful?

0 0

Post a comment