why mutiple NAT/PAT session mapping

Discussion in 'Cisco' started by JJ, Jun 13, 2005.

  1. JJ

    JJ Guest

    Dear All Guru :

    Under what conditions , the PAT will have more session mapping ?

    In theory , if the client site always using the same ip and port no,
    go to the same destination ip , port ; there should be one PAT mapping
    , right ?


    lab>sho ip nat tran | inc 10.20.2.197
    udp 202.xxx.yyy.34:1024 10.20.2.197:5060 210.xx.yy.zz:5060
    210.xx.yy.zz:5060
    udp 202.xxx.yyy.34:1058 10.20.2.197:5060 210.xx.yy.zz:5060
    210.xx.yy.zz:5060

    client 10.20.2.197 , port 5060 unchanged
    destination 210.xx.yy.zz , port 5060 unchanged


    ps: the NAT device is Cisco Router IOS NAT
    Cisco Internetwork Operating System Software
    IOS (tm) 3600 Software (C3620-IK9O3S6-M), Version 12.3(5a), RELEASE
    SOFTWARE (fc1)

    Thanks for telling me any ideas
    JJ, Jun 13, 2005
    #1
    1. Advertising

  2. JJ

    Carl Guest

    JJ wrote:
    > Dear All Guru :
    >
    > Under what conditions , the PAT will have more session mapping ?
    >
    > In theory , if the client site always using the same ip and port no,
    > go to the same destination ip , port ; there should be one PAT mapping
    > , right ?
    >
    >
    > lab>sho ip nat tran | inc 10.20.2.197
    > udp 202.xxx.yyy.34:1024 10.20.2.197:5060 210.xx.yy.zz:5060
    > 210.xx.yy.zz:5060
    > udp 202.xxx.yyy.34:1058 10.20.2.197:5060 210.xx.yy.zz:5060
    > 210.xx.yy.zz:5060
    >
    > client 10.20.2.197 , port 5060 unchanged
    > destination 210.xx.yy.zz , port 5060 unchanged
    >
    >
    > ps: the NAT device is Cisco Router IOS NAT
    > Cisco Internetwork Operating System Software
    > IOS (tm) 3600 Software (C3620-IK9O3S6-M), Version 12.3(5a), RELEASE
    > SOFTWARE (fc1)
    >
    > Thanks for telling me any ideas
    >


    it's interesting you ask this because I do not see the point in doing
    PAT in the situation as above. I have seen issues with this when using
    SIP and CBAC (ip inspect) with a Cisco 837 in that SIP responses from
    the proxy server (to the PAT port) are denied. To overcome this I
    needed to put a static translation for port 5060 client/server. Anyone
    else seen this ??

    Carl
    Carl, Jun 13, 2005
    #2
    1. Advertising

  3. JJ

    Hansang Bae Guest

    JJ wrote:
    > Under what conditions , the PAT will have more session mapping ?
    > In theory , if the client site always using the same ip and port no,
    > go to the same destination ip , port ; there should be one PAT mapping
    > , right ?


    Assuming the SOURCE port is not ephemeral, then yes. In your example
    below, the source ports are different.
    >
    >
    > lab>sho ip nat tran | inc 10.20.2.197
    > udp 202.xxx.yyy.34:1024 10.20.2.197:5060 210.xx.yy.zz:5060
    > 210.xx.yy.zz:5060
    > udp 202.xxx.yyy.34:1058 10.20.2.197:5060 210.xx.yy.zz:5060
    > 210.xx.yy.zz:5060
    >
    > client 10.20.2.197 , port 5060 unchanged
    > destination 210.xx.yy.zz , port 5060 unchanged
    >
    >
    > ps: the NAT device is Cisco Router IOS NAT
    > Cisco Internetwork Operating System Software
    > IOS (tm) 3600 Software (C3620-IK9O3S6-M), Version 12.3(5a), RELEASE
    > SOFTWARE (fc1)
    >
    > Thanks for telling me any ideas




    --

    hsb


    "Somehow I imagined this experience would be more rewarding" Calvin
    **************************ROT13 MY ADDRESS*************************
    Due to the volume of email that I receive, I may not not be able to
    reply to emails sent to my account. Please post a followup instead.
    ********************************************************************
    Hansang Bae, Jun 16, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. mcaissie

    Cisco VPN session through PAT

    mcaissie, Nov 5, 2003, in forum: Cisco
    Replies:
    1
    Views:
    2,923
    mcaissie
    Nov 5, 2003
  2. Forrest

    Mutiple Subnet NAT on PIX 515e

    Forrest, Jun 27, 2004, in forum: Cisco
    Replies:
    2
    Views:
    1,597
    Forrest
    Jun 27, 2004
  3. spec
    Replies:
    2
    Views:
    1,419
    Walter Roberson
    May 25, 2006
  4. kalim
    Replies:
    0
    Views:
    1,051
    kalim
    Jul 12, 2007
  5. Steven Carr
    Replies:
    7
    Views:
    732
Loading...

Share This Page