GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
RE: traceroute posted 07/01/2007
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


It works without PBR. See configs, outputs and debugs:

++++++++++++++++++++++++++
R1:
!
interface Ethernet1/0
 ip address 12.12.12.1 255.255.255.0
!
++++++++++++++++++++++++++
R2:
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.0
!
interface Ethernet1/0
 ip address 12.12.12.2 255.255.255.0
 ip nat outside
!
ip nat inside source list 102 interface Loopback0 overload
!
access-list 102 permit icmp any any port-unreachable
access-list 102 permit icmp any any ttl-exceeded
!
++++++++++++++++++++++++++
R1#trace 12.12.12.2

Type escape sequence to abort.
Tracing the route to 12.12.12.2

  1 2.2.2.2 0 msec *  4 msec
R1#
++++++++++++++++++++++++++
R2#deb ip nat                
IP NAT debugging is on
R2#clear ip nat translation *
R2#sh ip nat translations    

R2#
*Mar  1 02:07:58.033: NAT: s=12.12.12.2->2.2.2.2, d=12.12.12.1 [127]
R2#
*Mar  1 02:08:01.034: NAT: s=12.12.12.2->2.2.2.2, d=12.12.12.1 [128]
R2#
++++++++++++++++++++++++++
R2#sh ip nat trans
Pro Inside global      Inside local       Outside local      Outside global
icmp 2.2.2.2:33434     12.12.12.2:33434   12.12.12.1:40476
12.12.12.1:40476
icmp 2.2.2.2:33436     12.12.12.2:33436   12.12.12.1:36978
12.12.12.1:36978
R2#
++++++++++++++++++++++++++
R2#sh ip access-lists      
Extended IP access list 102
    10 permit icmp any any port-unreachable (2 matches)
    20 permit icmp any any ttl-exceeded
R2#
++++++++++++++++++++++++++

-----Original Message-----
From: Filyurin, Yan [mailto:yan.filyurin@xxxxxxx] 
Sent: domingo, 1 de Julho de 2007 20:59
To: Mike Kraus (mikraus); Antonio Soares; Bhaskar Sivanesan; ccie forum
Subject: RE: traceroute

Wouldn't you also need ip local policy routing command, to send locally
originated traffic through Loopback?  In fact would we even need NAT at all?
In other words, traffic is originated locally, it gets policy routed to
next-hop of Loopback interface and it would come sourced from that.  I am
still not sure about the last part.  I will have to lab it up. 



-----Original Message-----
From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf Of Mike
Kraus (mikraus)
Sent: Sunday, July 01, 2007 3:45 PM
To: Antonio Soares; Bhaskar Sivanesan; ccie forum
Subject: RE: traceroute

I just tried this, source is still physical...  Tried just doing ip nat
enable (with NVI) to see if router would magically figure it out too, but to
no avail.

Have you gotten this to work? 

-----Original Message-----
From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf Of
Antonio Soares
Sent: Sunday, July 01, 2007 2:30 PM
To: 'Bhaskar Sivanesan'; 'ccie forum'
Subject: RE: traceroute

None since the traffic is sourced from the router itself.

  _____  

From: Bhaskar Sivanesan [mailto:bas_bharath@xxxxxxxxx]
Sent: domingo, 1 de Julho de 2007 20:25
To: Antonio Soares; ccie forum
Subject: Re: traceroute


Thanks Antonio, which will be the "ip nat inside" interface in this case.
 
cheers


 
----- Original Message ----
From: Antonio Soares <amsoares@xxxxxxxxxx>
To: Bhaskar Sivanesan <bas_bharath@xxxxxxxxx>; ccie forum
<ccielab@xxxxxxxxxxxxxx>
Sent: Sunday, July 1, 2007 8:19:13 PM
Subject: RE: traceroute


The answer is NAT:

Example config:

!
access-list 102 permit icmp any any port-unreachable access-list 102 permit
icmp any any ttl-exceeded !
ip nat inside source list 102 interface Loopback0 overload !
!
interface Ethernet1/0
ip nat outside
! 

-----Original Message-----
From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf Of
Bhaskar Sivanesan
Sent: domingo, 1 de Julho de 2007 19:58
To: ccie forum
Subject: traceroute

Hi group

How do we change the source IP address in the ICMP TTL exceeded reply
messages. 

Like, when I am doing a traceroute, I want the reply to be sourced from the
respective router's loopback ip address rather than the interface address?

is there any way to do it?

thanks


       
________________________________________________________________________
____
________
Building a website is a piece of cake. Yahoo! Small Business gives you all
the tools to get online.
http://smallbusiness.yahoo.com/webhosting 

_______________________________________________________________________
Subscription information may be found at: 
http://www.groupstudy.com/list/CCIELab.html


  _____  

TV dinner still cooling?
Check out  <http://us.rd.yahoo.com/evt=49979/*http://tv.yahoo.com/>
"Tonight's Picks" on Yahoo! TV.

_______________________________________________________________________
Subscription information may be found at: 
http://www.groupstudy.com/list/CCIELab.html

_______________________________________________________________________
Subscription information may be found at: 
http://www.groupstudy.com/list/CCIELab.html