1.1 Scaling Networks with NAT and PAT  
  1.1.6 Troubleshooting NAT and PAT configuration  
When IP connectivity problems in a NAT environment exist, it is often difficult to determine the cause of the problem. Many times NAT is mistakenly blamed, when in reality there is an underlying problem.

When trying to determine the cause of an IP connectivity problem, it helps to rule out NAT. Use the following steps to determine whether NAT is operating as expected:

  1. Based on the configuration, clearly define what NAT is supposed to achieve.
  2. Verify that correct translations exist in the translation table.
  3. Verify the translation is occurring by using show and debug commands.
  4. Review in detail what is happening to the packet and verify that routers have the correct routing information to move the packet along.

Use the debug ip nat command to verify the operation of the NAT feature by displaying information about every packet that is translated by the router. The debug ip nat detailed command generates a description of each packet considered for translation. This command also outputs information about certain errors or exception conditions, such as the failure to allocate a global address.

The figure shows a sample debug ip nat output. In this example, the first two lines of the debugging output show that a Domain Name System (DNS) request and reply were produced. The remaining lines show the debugging output of a Telnet connection from a host on the inside of the network to a host on the outside of the network.

Decode the debug output by using the following key points:

  • The asterisk next to NAT indicates that the translation is occurring in the fast-switched path. The first packet in a conversation will always go through the slow path, which means this first packet is process-switched. The remaining packets will go through the fast-switched path if a cache entry exists.
  • s = a.b.c.d is the source address.
  • Source address a.b.c.d is translated to w.x.y.z.
  • d = e.f.g.h is the destination address.
  • The value in brackets is the IP identification number. This information may be useful for debugging because, for example, it enables correlation with other packet traces from protocol analyzers.
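
The key points above can be applied mechanically to saved debug output. The following Python sketch is an added example, not part of the original course material; it assumes the line layout `NAT*: s=a.b.c.d->w.x.y.z, d=e.f.g.h [id]` as IOS commonly prints it, and the sample lines and addresses are constructed for illustration.

```python
import re

# One "debug ip nat" line: optional '*', s=<addr>[-><addr>], d=<addr>[-><addr>] [id]
NAT_LINE = re.compile(
    r"NAT(?P<fast>\*)?:\s*"
    r"s\s*=\s*(?P<src>[\d.]+)(?:->(?P<src_xlate>[\d.]+))?,\s*"
    r"d\s*=\s*(?P<dst>[\d.]+)(?:->(?P<dst_xlate>[\d.]+))?\s*"
    r"\[(?P<ip_id>\d+)\]"
)

def parse_nat_debug(line):
    """Decode one line into a dict, or return None if it is not a NAT line."""
    m = NAT_LINE.search(line)  # search() tolerates a leading timestamp
    if m is None:
        return None
    rec = m.groupdict()
    # Asterisk = fast-switched path; no asterisk = process-switched (slow path).
    rec["path"] = "fast-switched" if rec.pop("fast") else "process-switched"
    rec["ip_id"] = int(rec["ip_id"])
    return rec

def source_mappings(lines):
    """Collect source -> translated-address pairs to compare with the NAT table."""
    seen = {}
    for rec in filter(None, map(parse_nat_debug, lines)):
        if rec["src_xlate"]:
            seen.setdefault(rec["src"], set()).add(rec["src_xlate"])
    return seen

def find_by_ip_id(lines, ip_id):
    """Return records with the given IP identification number (analyzer correlation)."""
    return [r for r in filter(None, map(parse_nat_debug, lines)) if r["ip_id"] == ip_id]

# Constructed sample (documentation address ranges), not captured router output.
SAMPLE = [
    "NAT: s=192.168.1.95->203.0.113.9, d=198.51.100.132 [6825]",
    "NAT: s=198.51.100.132, d=203.0.113.9->192.168.1.95 [21852]",
    "NAT*: s=192.168.1.95->203.0.113.9, d=198.51.100.132 [6826]",
    "%SYS-5-CONFIG_I: unrelated log line",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_nat_debug(line))
    print(source_mappings(SAMPLE))
```

The mappings returned by `source_mappings` can be checked against the translation table from step 2, and `find_by_ip_id` locates the debug line that matches a packet seen in a protocol analyzer trace.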

 

Lab Activity

Lab Exercise: Troubleshooting NAT and PAT

In this lab, the student will configure a router for Network Address Translation (NAT) and Port Address Translation (PAT).

   
 

Lab Activity

e-Lab Activity: Troubleshooting NAT and PAT

In this lab, the student will configure a router for Network Address Translation and Port Address Translation.

   
 

Web Links

Verifying NAT Operation and Basic NAT Troubleshooting

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094c32.shtml