29 November 2010

NAT: Debugs

The most useful command for troubleshooting NAT is
debug ip packet [access-list | detail]
This debug command shows every packet that matches the access list given with the command. With a properly configured access list, it is often easy to see what is happening to packets as they are routed through the router and where they are headed.

Another useful NAT debugging command is
debug ip nat
This command shows the translations being created on the router, as well as the packets being translated using those translations.

So the two most important NAT debugs are:

debug ip packet [access-list | detail]
debug ip nat [access-list | detail]

interface Ethernet0
ip address
ip nat inside

interface Ethernet1
ip address
ip nat outside

ip nat pool letmeout pre 24
ip nat inside source list 7 pool letmeout

ip route
access-list 7 permit

Debug Commands

# debug ip packet
# debug ip nat

Debug Outputs

The output shown below is from turning on the debug commands listed earlier.
IP: NAT enab = 1 trans = 0 flags = 80

The NAT debug output below shows a translation for to taking place for the traffic headed for the outside local/global address. The traffic, as can be seen from the IP debugs, is ICMP.
NAT: s=>, d= [30]
IP: s= (Ethernet0), d= (Ethernet1), g=, len 100, 
  forward ICMP type=8, code=0
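
The following Python script is an added example, not part of the original post: it parses debug ip nat lines in the format shown above and counts packets per translation, which makes it easy to see which inside addresses are being rewritten to which pool addresses. The sample addresses are constructed, and the names parse_nat_debug and summarize are chosen for this example.

```python
import re
from collections import Counter

# Constructed sample in the style of `debug ip nat` output; the addresses are
# made up (RFC 1918 inside hosts, RFC 5737 documentation ranges elsewhere).
SAMPLE = """\
IP: NAT enab = 1 trans = 0 flags = 80
NAT: s=10.1.1.10->192.0.2.1, d=198.51.100.7 [30]
NAT*: s=198.51.100.7, d=192.0.2.1->10.1.1.10 [30]
NAT: s=10.1.1.10->192.0.2.1, d=198.51.100.7 [31]
NAT*: s=198.51.100.7, d=192.0.2.1->10.1.1.10 [31]
NAT: s=10.1.1.11->192.0.2.2, d=198.51.100.7 [12]
"""

# NAT[*]: s=<src>[-><translated src>], d=<dst>[-><translated dst>] [<IP id>]
# Not anchored at line start, so a timestamp prefix on the line is tolerated.
NAT_LINE = re.compile(
    r"NAT(?P<fast>\*)?: s=(?P<src>[\d.]+)(?:->(?P<src_new>[\d.]+))?, "
    r"d=(?P<dst>[\d.]+)(?:->(?P<dst_new>[\d.]+))? \[(?P<ip_id>\d+)\]"
)


def parse_nat_debug(text):
    """Return one dict per NAT debug line; other debug lines are skipped."""
    events = []
    for line in text.splitlines():
        m = NAT_LINE.search(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["fast"] = ev["fast"] is not None  # '*' marks the fast-switched path
        ev["ip_id"] = int(ev["ip_id"])       # IP identification of the packet
        events.append(ev)
    return events


def summarize(events):
    """Count packets per (rewritten field, original address, new address)."""
    counts = Counter()
    for ev in events:
        if ev["src_new"]:
            counts[("source", ev["src"], ev["src_new"])] += 1
        if ev["dst_new"]:
            counts[("destination", ev["dst"], ev["dst_new"])] += 1
    return counts


if __name__ == "__main__":
    for (field, old, new), n in sorted(summarize(parse_nat_debug(SAMPLE)).items()):
        print(f"{field:11} {old} -> {new}  packets={n}")
```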
